Tuesday, August 4, 2020

SBI data breach: Bank forgets to password secure its server, ends up compromising customer details

According to findings, this unsecured bank server was part of SBI Quick.


OpIndia Staff (https://www.opindia.com)
Staff reporter at OpIndia

In what can be called serious negligence on the part of India’s largest bank, the State Bank of India (SBI) forgot to secure a server hosting sensitive information in one of its Mumbai installations, allowing anyone to access financial information like bank balances and recent transactions of millions of its customers.

It is anticipated that, due to this blunder, information related to bank balances, bank account numbers and other key details was leaked.

According to a report published by TechCrunch, a tip-off from an anonymous security researcher highlighted that “the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information”.

Though it is not certain how long this lapse persisted, it was rectified soon after TechCrunch approached the bank and informed it of the glitch.

None of the SBI officials commented on this matter.

According to findings, this unsecured bank server was part of SBI Quick. This facility allows the bank's customers to send a message or make a call to carry out basic banking functions.

According to the information provided on the bank’s website, the ‘SBI Quick – MISSED CALL BANKING is a free service from the Bank wherein you can get your Account Balance, Mini Statement and more just by giving a Missed Call or sending an SMS with pre-defined keywords to pre-defined mobile numbers from your registered mobile number.’

What makes this more concerning is that, because this particular app connects the customer’s phone number to his or her account, the data leaked from the bank’s server can be used by identity thieves or scammers to swindle money from bank accounts.

The report issued by TechCrunch noted that after gaining entry to the unsecured SBI server, the TechCrunch team was able to see “text messages going to customers in real-time, including their phone numbers, bank balances, and recent transactions. The bank sent out close to three million text messages on Monday alone.” The server also allowed access to the archive of messages till December 2018 that were supposedly sent to SBI users.

Its database also contained customers’ partial bank account numbers, confirmed TechCrunch.

The India-based security researcher, Karan Saini, asserted that “the data could be potentially used to profile and target individuals that are known to have high account balances”.

Saini also confirmed that knowing a phone number “could be used to aid social engineering attacks - which is one of the most common attack vectors in the country with regard to financial fraud”.

Recently, the State Bank of India (SBI) had alleged misuse of Aadhaar data. Logins and biometrics of its Aadhaar operators had been misused to generate unauthorised Aadhaar cards, bank officials informed UIDAI.

However, the Unique Identification Authority of India (UIDAI), the authority that established the database, had rubbished SBI’s claims.

SBI has more than 500 million customers across the world, with 740 million accounts.
