Indeed, it was unfortunate that on 30th January 2019, there was a talk about an unprotected SBI data server in Mumbai, which apparently left data of millions of bank customers exposed. The Server is said to have leaked details like bank balance of apparently millions of Indians because there was no protection or security through a password.
- We say everything is digital, however, the safety of data and privacy has become very essential.
- The conditions reveal that it is not important enough for the State Bank of India that left one of its servers open by not entering a password on it.
- We have come across data leaks earlier, which has occurred even with tech giants like Facebook. But here, the issues creep up because of unknown bugs or loopholes in software.
- The State Bank of India (SBI) India’s largest bank though accidentally left the data of millions of SBI customers exposed to the world. The amount of damage done is not known yet.
How it came to light?
- TechCrunch first reported about the issue late on 30th Jan 2019.
- The security researcher happened to stagger upon one of SBI’s data servers located in Mumbai.
- On probing further, the researcher was able to access financial details of millions of the bank’s customers easily.
- The researcher was also able to track transactional data in a real-time.
- However, before the report was published, the incident was reported to SBI and the bank then put a password on its mission-critical server.
- With 740 million active accounts, chances are that you might be one of SBI’s customers and it is important to know whether the issue compromised your data privacy.
Here’s all one need to know about SBI data leak in 10 points.
- One of SBI’s data servers in Mumbai was found to be accessible to public and vulnerable to data theft and hackers. A security researcher found the data server was not protected by a password or any kind of other security measures. The server was essentially an open book to anyone on the Internet with the right skills to grasp bank data of millions of people. The security researcher then contacted Techcrunch and gave the publication all the details.
- The researcher was able to access bank account details such as the account balance and other financial details of millions of SBI users. One could access every individual’s data from up to 2 months ago.
- The security researcher was able to track transaction details in real time. In fact, the media report states the researcher was able to witness 3 million messages on Monday the 28th Jan 2019 alone.
- The server was located in Mumbai and was found to be left without a password for an unknown period of time. When the researcher discovered, it wasn’t known as to how long the server was left in that condition.
- The server stored data related to SBI Quick service. The server contained details of all messages sent to those SBI customers who subscribed for the service.
- The messages contained account balances, phone numbers and, in some cases, other valuable information regarding an individual.
- SBI Quick is a new method of digital banking that allows its customers to learn about their bank accounts and other financial details through SMS. Customers need to send commands or missed calls to the service for getting the required information. It is beneficial for those who don’t have smartphones or access to Internet banking.
- The phone numbers exposed in the leak could actually lead to hackers knowing about the financial details of an individual. It could lead people with malicious intentions to harass people with higher bank balance.
- Before the leak was reported, State Bank of India was made aware of the issue. The bank reportedly fixed the issue by securing the server.
- It’s not yet known whether the server’s data has been mined by an external source. Additionally, the data of only those customers are affected who are subscribed to the SBI quick service. If you haven’t opted for the subscription, chances are your data is secure.
Customer’s Concern:
- Customers have to worry a little.
- The information that the SBI server leaked could be used for identity theft, if not for the direct access to your bank account.
- No account PINs or passwords were leaked. So, there is no immediate risk to your account.
- However cyber crooks for financial frauds can target the SBI customers; profile, by fine-tuning, filtering and mining the data with the following details.
- transactions done,
- credits received in the account
- who was the beneficiary?
- when the details were leaked etc.,
No Comments