Tuesday, April 13, 2021
Home Economy and Finance SBI data breach: Bank forgets to password secure its server, ends up compromising customer...

SBI data breach: Bank forgets to password secure its server, ends up compromising customer details

According to findings, this unsecured bank server was part of SBI Quick.

What can be called serious negligence on the part of India’s largest bank, the State Bank of India (SBI) forgot to secure its server hosting sensitive information in one of its Mumbai installations, allowing anyone to access financial information like bank balances and recent transactions of millions of its customers?

It is being anticipated that due to this blunder, information related to bank balance, bank account number and other key bits were leaked.

According to a report published by Techcrunch, a tip-off from an anonymous security researcher highlighted that “the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information”.

Though there is no surety as to how long this lapse persisted, it was rectified soon after Techcrunch approached the bank and informed about the glitch.

None of the SBI officials commented on this matter.

According to findings, this unsecured bank server was part of SBI Quick. This facility allows the bank customers to send a message or make a call to carry out basic banking functions.

According to the information provided on the bank’s website, the ‘SBI Quick – MISSED CALL BANKING is a free service from the Bank wherein you can get your Account Balance, Mini Statement and more just by giving a Missed Call or sending an SMS with pre-defined keywords to pre-defined mobile numbers from your registered mobile number.’

Meanwhile, what makes it more concerning is that because this particular app connects the customer’s phone number to his/her account, the data leaked from the bank’s server can be used by identity thieves or scammers to swindle money from bank’s accounts.

The report issued by Techcrunch noted that after gaining entry to the unsecured SBI server, the Techcrunch team was able to see “text messages going to customers in real-time, including their phone numbers, bank balances, and recent transactions The bank sent out close to three million text messages on Monday alone.” The server also allowed access to the archive of messages till December 2018, that were supposedly sent to SBI users.

Its database also contained the customer’s partial bank account number, confirmed Techcrunch.

The India-based security researcher, Karan Saini asserted that “the data could be potentially used to profile and target individuals that are known to have high account balances”.

Saini also confirmed that knowing a phone number “could be used to aid social engineering attacks- which is one of the most common attack vectors in the country with regard to financial fraud,” he said.

Recently, State Bank of India (SBI) had alleged misuse of Aadhaar data. Logins and biometrics of their Aadhaar operators have been misused to generate unauthorised Aadhaar cards, bank officials informed UIDAI.

However, the Unique Identification Authority of India (UIDAI), the authority that established the database, had rubbished SBI’s claims.

SBI has more than 500 million customers across the world, with 740 million accounts.

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

OpIndia Staffhttps://www.opindia.com
Staff reporter at OpIndia

Related Articles

Trending now

What happened in Chhabra after Hindu man was stabbed by Muslim men: Call for peace, attack on a Hindu the next day and more

On April 12, the administration extended curfew for one more day at Chhabra, Baran district in Rajasthan after the communal riot

Uttar Pradesh: Gyanvapi mosque management committee seeks a stay on ASI survey, Sunni board supports them

The Gyanvapi mosque management committee had filed an urgent petition in Allahabad High Court seeking a stay on ASI survey of Gyanvapi mosque complex.

Maharashtra: Viral video shows corpses of Covid patients wrapped in garbage bag and polythene being taken for cremation

One of the corpses had a black garbage bag taped over it while the face was wrapped in a polythene bag.

Pfizer wanted Brazil, Argentina to put military bases, Federal reserve as collateral: Why India kept Pfizer away and how the usual suspects are wrong

Pfizer has been accused of countries in Latin America of pledging their sovereign assets, military bases and financial reserves to protect itself from any adverse fallout of the vaccine

OpIndia Exclusive: Tata Communications suffers data leak, hackers claim to have sold access to company’s servers, over 50GB data still up for sale

As per two posts by hackers on a hackers' forum, they have gained access to Tata Communications servers and sold them.

‘Victim card’: Netizens react as ‘comedian’ Munawar Faruqui vows to quit social media, political jokes

Munawar Faruqui has now announced that he would quit making political jokes and leave social media platforms.

Recently Popular

Pfizer wanted Brazil, Argentina to put military bases, Federal reserve as collateral: Why India kept Pfizer away and how the usual suspects are wrong

Pfizer has been accused of countries in Latin America of pledging their sovereign assets, military bases and financial reserves to protect itself from any adverse fallout of the vaccine

After explosive Clubhouse confessions, Prashant Kishor starts building ground to blame only Mamata Banerjee if Bengal is lost: Here’s how

While trying to fire-fight fall-out from Clubhouse conversation, Prashant Kishor has set narrative to blame Mamata Banerjee and TMC for West Bengal loss

Attempts to draw false equivalence between the Kumbh Mela and Tablighi Jamaat congregation do not make sense: Here’s why

Attempts are being made to draw false equivalences between the Kumbh Mela and the Tablighi Jamaat congregation last year.

Shops burnt, stones pelted on police in Baran, Rajasthan after 3 Muslim men stabbed one Kamal Singh: What we know so far

Shops burnt, police personnel injured, stone pelting, fire department vehicles attacked in Chhabra, Rajasthan.

‘Victim card’: Netizens react as ‘comedian’ Munawar Faruqui vows to quit social media, political jokes

Munawar Faruqui has now announced that he would quit making political jokes and leave social media platforms.
- Advertisement -

 

Connect with us

254,077FansLike
528,725FollowersFollow
24,200SubscribersSubscribe