SBI Left Banking Data of Millions of Users Unprotected Online: Report

Share on Facebook Tweet Share Reddit Comment
SBI Left Banking Data of Millions of Users Unprotected Online: Report

SBI Quick service allows users to check their account balance and more over SMS or via a missed call

Highlights

  • The password-less SBI server is said to have been secured now
  • The server allegedly included two months of data from SBI Quick
  • SBI is the largest bank in India with over 42 crore customers

State Bank of India has found itself in the middle of a data security scandal as a media report on Wednesday claimed that the India's largest bank left a server with the banking data of its consumers unprotected. The reported server is said to have been secured since then, but the existence of an alleged unprotected server raises serious questions about the security practices at the bank, which manages the money of over 42 crore customers across India.

According to a report by TechCrunch, the alleged unprotected server of the State Bank of India was housed in a Mumbai data centre and included two months of data from SBI Quick, a missed call banking service from the company. SBI Quick is claimed to offer an easy and non-connected way to its consumers to get basic information about their account with the bank. The consumers can ask for their balance, mini statement, request a cheque book, and more.

The SBI server was apparently not protected by a password, thus giving anyone, who knew where to look for, access to the banking data of millions of customers, including their mobile numbers, partial account numbers, account balance, recent transactions and more. TechCrunch says the leak was discovered by a security researcher, who wants to remain anonymous.

The report explains the server essentially housed the back-end system of the SBI Quick service and included millions of messages that were being sent to the consumers in response to their queries. It added that they could allegedly see the text messages being sent in real-time. The website states that it verified the authenticity of the server by asking one India-based security researcher to use the SBI Quick service and within seconds, they reportedly could see the researcher's number as well as the response sent to him on the password-less server.

TechCrunch says the server revealed that the bank sent over three million text messages to the consumers on Monday itself. With two months of such data, a malicious party could do a lot of damage to the unsuspecting State Bank of India consumers.

We have reached out to SBI for a statement on the matter but did not get a response at the time of publication.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Gaurav Shukla Paranoid about online surveillance, Gaurav believes an artificial general intelligence is one day going to take over the world, or maybe not. He is a big ‘Person of ... More
Samsung Profits Slump Along With Drop in Demand for Its Key Products
OnePlus Pulls Latest OxygenOS Open Beta Updates for Four Phones After Some Units Get Bricked
 
 

Advertisement

 

Advertisement