recent report by Techcrunch made it evident that customers’ bank account information is not secure – even at India’s largest bank! An unknown security researcher pointed out that SBI’s server was left unprotected. It denoted anyone with right skills could access SBI servers. They could get real-time sensitive financial data like customers’ bank balances and recent transactions.
US-based TechCrunch, which publishes technology news, revealed about a security breach in India’s largest bank. This was due to a lack of server management which made millions of customers’ data accessible. The server was based at Mumbai data center hosting two months’ data from SBI Quick. The anonymous security researcher detected it, means the server was without the password for a long time.
Data from SBI Quick Exposed
Using SBI’s text message and call-based system – SBI Quick customers can request basic information about their bank accounts. This back-end system stores millions of text messages each day. SBI provides this free service to send the required account information to customers.
Customers can send a message or give missed call to get their information related to their account such as current balance, last five transactions. The system also allows customers to block ATM cards, make inquiries about home loans or car loans. Customers use predefined keywords e.g. “BAL” from their registered number to know their account balance. The customers who have not subscribed for this service have chances that their data is secure.
Further Action for Customers
Apparently, account holders can rest assured that there’s no immediate risk to the account; as the unsecured server did not reveal username or passwords of the account holders. Hence, there is no direct threat to account security. However, hackers can easily get mobile numbers, balance information, and recent transactions. They can target customers with the high account balance. Further, social engineers can misuse the data for fraud.
As a security measure, account holders should avoid using public Wi-Fi to access the banking account. You should change passwords regularly to keep your account safe. Likewise, you must not share your personal details with anyone. If you get a message about an unauthorized transaction, immediately contact your bank.
SBI’s Investigation on the Matter
SBI has promptly secured the servers and protected the database. The bank assured its commitment to ensuring the data security. Stating the matter is taken extremely seriously, the bank has also tweeted, “Data security is a serious matter and we have thoroughly investigated the alleged data incident, finding that our data is safe and secure, and we’re fully committed to ensuring this.”
Data security is a serious matter and we have thoroughly investigated the alleged data incident, finding that our data is safe and secure, and we’re fully committed to ensuring this. pic.twitter.com/uwbbyNFzBb
— State Bank of India (@TheOfficialSBI) February 1, 2019
Even though the issue is fixed now, this breach incident emphasizes that financial institutions must implement more robust security practices.