The server allowed access to all the messages as well as details of transaction details of millions of SBI customers. Later the issue was fixed..
After the tip-off by an anonymous security researcher, the issue came to know that “the bank did not password protect the server.” The problem allowed anyone to know where to look at millions of customers’ information to use the data. It is not clear how long the server was left unsafe, but it has been fixed now.
How secure is your bank account information stored with the country’s largest bank State Bank of India? Not much, apparently, apparently In a report on Wednesday, it was found that SBI forgot to secure a major server hosting its sensitive information in its Mumbai establishments and the server could have leaked details of millions of bank accounts. It is believed that information related to bank balance, bank account number and other key bits leaked.
TechCrunch’s report, in which an anonymous security researcher found out about the unsafe server after the tip-off, highlighted that “the bank did not preserve the server with the password, who knew that the data was accessed To know where to look for millions of customers. ”
It is not clear how long the server was left unsafe. But when Techcrunch approached SBI, the mess was fixed. However, SBI did not make any comment on the matter.
The report noted that the unsecured server was part of SBI Quick, which allowed the bank customers to send a message or make a call to carry out basic banking functions.
The bank explains its website, “SBI Quick – MISSED CALL BANKING is a free service from the bank, where you can get your account balance, mini statement and more just by giving a missed call or pre-defined keywords with pre-defined keywords. -defined mobile numbers from your registered mobile number.
Please ensure that your mobile number is updated in your account to be able to register for this service. ”
However, because the SBI Quick connects an SBI customer’s phone number with his account, the data leaked from the SBI server is used by the bank’s accounts from the money swindle to identity theft or scammers.
The report noted that after the gaining entry to the unsafe SBI server, the Techcrunch team was able to see “text messages going to customers in real-time, including their phone numbers, bank balances, and recent transactions” The bank sent three million text messages on Monday alone. ”
The server has allowed access to the archive of messages that have been sent to SBI users who have reportedly gone back to December.
An Indian company and an Indian bank are not new in the news due to poor digital security practices. In 2016, millions of debit cards issued by several Indian banks, including SBI, were settled.
In the long run, we have also seen a growing number of bank fraud cases where identity theft and base data scammers have compromised bank accounts and stole money from those accounts.