A startling revelation claims that State Bank Of India (SBI) maintained an unprotected server where private financial data of millions of its users was available for anyone without a password.
It's a disconcerting development for India's biggest bank, where bank balances and recent transactions were accessed without authorization.
ALSO READ:?The Unthinkable Has Happened, Someone Hacked Into NASA And Stole Employees' Private Information
The server belonged to SBI Quick, an SMS-based data inquiry service for SBI account holders to quickly check their bank balance and recent transactions, and it was maintained in Mumbai.
The story was first broken by TechCrunch, who were alerted of the unsecured data server by a security researcher who wished to remain anonymous. Their inquiry found that the server hosted millions of SBI bank account related text messages each day.?
In fact, TechCrunch also independently verified the password-less database held by SBI, it even allowed them to see SMS going to SBI account holders in real-time, along with their phone numbers, recent transactions and bank balance.
TechCrunch
ALSO READ:?If You Have One Of These 22 Android Apps, Your Smartphone Can Be Hacked Anytime
SBI claims to have 50 crore customers with over 75 crore bank accounts, and it's horrifying to learn that the bank handled their private data in such a shoddy manner.
Just on Monday alone, the SBI Quick password-less server had generated 30 lakh text messages containing financial details of customers, ripe for the picking for anyone who wanted to snoop around.
Reuters
ALSO READ:?SBI Is Reducing Withdrawals To Rs 20,000 From Oct 31 Onwards, This ATM Fraud Is The Reason Why
It doesn't take a genius to realize that the unprotected SBI server held a treasure trove of information for hackers and scammers. It would also allow nefarious entities to get hold of the data and profile high net-worth individuals, based on their bank transactions.
SBI has since password-protected the server, but it begs the question how such a lapse in security happened in the first place.