A Mumbai-based server of State Bank of India (SBI) was found to have been left without a password for an unknown period of time. The issue came to light after a tip-off from an anonymous security researcher highlighted that “the bank had not protected the server with a password.” The problem allowed anyone who knew where to look to access data on millions of customers. It is not clear how long the server was left unsecured, but it has now been fixed. It is presumed that information such as bank balances, bank account numbers and other key details was leaked.
A report published earlier on TechCrunch quoted security researcher Karan Saini as saying, “The data available could potentially be used to profile and target individuals that are known to have high account balances.” Knowing a phone number “could be used to aid social engineering attacks — which is one of the most common attack vectors in the country with regard to financial fraud.”
The researcher was able to access bank account details such as the account balance and other financial details of millions of State Bank of India (SBI) users. One could access every individual’s data from up to 2 months ago. The security researcher was able to track transaction details in real time. In fact, the media report states the researcher was able to witness 3 million messages on Monday alone.
With over 500 million users, State Bank of India (SBI) is accountable for such security leaks, which are unacceptable from a customer's point of view, although the bank was quick to tackle the matter. The server stored data related to the SBI Quick service and contained details of all messages sent to SBI customers who had subscribed to it. Although the problem has been solved, the information the server leaked could be used for identity theft, if not for direct access to your bank account.
About SBI Quick
SBI Quick – MISSED CALL BANKING is a new service from State Bank of India that lets customers bank by giving a missed call or sending an SMS with pre-defined keywords to pre-defined mobile numbers. The service can only be activated for the mobile number that is registered with the bank for a particular account.
1. Balance Enquiry
2. Mini Statement
3. Blocking of ATM Card
4. Car and Home Loan Enquiry