SBI ‘India’s Largest Bank’ Leaves Its Data Servers Unprotected
A server leaked details of millions of Indians because it wasn’t secured with a password. State Bank of India (SBI), India’s largest bank, left one of its important servers without a password, letting anyone who knew exactly where to look peek in or hack the server.
The server, hosted in a regional Mumbai-based data center, contained two months of data from SBI Quick. SBI Quick is a messaging or call-based system that allows users to text or call the bank to get necessary information on their accounts, such as bank balance or mini-statements. It is aimed especially at customers who don’t use a smartphone.
How long the servers were vulnerable to attack is still unknown, but it was long enough for them to be discovered by a security researcher, who reported the issue to the bank as soon as he found the unprotected servers. The news was first reported by TechCrunch late on Wednesday.
According to the researcher who discovered the unprotected servers, “he was able to access bank account details such as the account balance and other financial details of millions of SBI users.” The security researcher was also able to track real-time transaction details. In fact, information like phone numbers was also made public, and in some cases highly personal info of the customers was exposed.
The bank secured the leaked data after the issue was reported, but it is still not confirmed whether the exposed data was retrieved by any third party. That leaves customers’ info at risk of being used by anyone who peeked at the exposed data for their own advantage.
Should you worry as an SBI customer?
The question arises: should you worry if you are an SBI customer? Yes, a little, if you have subscribed to the SBI Quick service, and no, if not. It has been reported that only the data of customers who opted for SBI Quick services was exposed. There is no direct threat to your account, as no PINs or passwords were exposed, but identity theft is possible because your personal info and phone numbers were exposed.