SBI reportedly left a server based in Mumbai unprotected. Anybody who knew how to locate the server could retrieve the account details of millions of its users. Sensitive details, including bank balances and recent transactions, were also reported to be exposed by the unprotected server.
This was a recent server hosted in a data center located in Mumbai. It stored all the data from the last two months of the SBI Quick service. The service allows SBI customers to use a text message or a call to receive basic information about their accounts, such as the current bank balance or recent transactions. The text message also contains the last four digits of the respective account number. Customers can inquire about home or car loans through it. If an ATM card is lost, the service can be used to block the card.
SBI Quick was enabled for users who do not possess smartphones and for people with low mobile data. Just by sending code words like BAL, or by placing a call, they can get the required details. Thus, the registered mobile numbers could also be retrieved easily by anyone. This has created a state of astonishment and havoc in Mumbai. With so many details about so many users left unprotected, anybody could use them for blackmail. They could even track down the accounts with large balances and use that information to threaten the account holders.
How long the server remained without a password is unknown, but the volume of information that passed through it was tremendous. About 3 million text messages were sent by the bank through this server on Monday alone. An anonymous security researcher found the leak and also confirmed that the server was not secured with any kind of password.
The service used a back-end text message and data storage system that can hold up to millions of messages every day. This database system also has an option for daily archives. When these details were retrieved, a detailed view of all the accounts could be obtained going back to the month of December.
SBI is one of the largest banks functioning in India. The government-owned bank has about 740 million accounts across the globe. This incident has called into question the security of users' bank account details. However, the server was secured as soon as it was found to be unprotected. The server was secured overnight with the assistance of the National Critical Information Infrastructure Protection Center. The national bank is yet to check for breach and misuse of the data.
It can be noted that SBI accused the Aadhaar authority UIDAI a few days back. The bank said that login details and biometrics were misused to create fake Aadhaar cards in the nation. Later, UIDAI confirmed that the Aadhaar database was absolutely secure. The data was also verified for breaches.
Author: Prachi K
Technical Writer, Branding Executive – Hackers Interview. Prachi has professional experience in the area of Branding and Article writing.