India's largest bank, State Bank of India (SBI), suffered a data breach
The SBI server database was not protected by a password.
Unprotected server leaked millions of customers' account details
Security researchers were able to track customers' transaction details.
According to a report by TechCrunch, the allegedly unprotected server allowed anyone to access financial information on millions of its customers, including bank balances and transaction activity.
The SBI server, hosted in a Mumbai-based data center at its head office, was not protected with a password, allowing anyone who knew where to look to access data on millions of customers.
The security researcher was able to access bank account details, including balances and other financial details, of millions of SBI users.
What happened with SBI?
The server stored data related to the SBI Quick service. It contained details of all messages sent to SBI customers who subscribed to the service.
SBI Quick is a new method of digital banking that allows customers to learn about their bank accounts and other financial details through SMS. Customers send commands or make missed calls to the service to get the required information. It is beneficial for those who don't have smartphones or access to Internet banking.
SBI Quick allows SBI’s banking customers to text the bank, or make a missed call, to retrieve information back by text message about their finances and accounts. It’s ideal for millions of the banking giant’s customers who don’t use smartphones or have limited data service.
By using predefined keywords, like “BAL” for a customer’s current balance, the service recognizes the customer’s registered phone number and will send back the current amount in that customer’s bank account. The system can also be used to send back the last five transactions, block an ATM card and make inquiries about home or car loans.
SBI claims more than 500 million customers across the globe with 740 million accounts.
Finally, the database has reportedly been fixed by the bank.
Is it a risk for you?
Not really: the server exposed only your account transaction details, not usernames, passwords or account PINs. But the leaked database could be used for identity theft through social engineering attacks.
Banks should hire cybersecurity professionals to protect their servers.
How to protect your bank details?
- Apply for SMS alerts.
- Avoid reusing the same PIN or password.
- Change your ATM PIN regularly.
- Don't give any personal information over the phone.
- The bank never asks for your personal information on a call.
- Do not click on unknown links or attachments in e-mail or on mobile.