SBI Leaves Server Unsecured, Exposes Customers’ Sensitive Data

A recent report by Techcrunch made it evident that customers’ bank account information is not secure – even at India’s largest bank! An unknown security researcher pointed out that SBI’s server was left unprotected. It denoted anyone with the right skills could access SBI servers. They could get real-time sensitive financial data like customers’ bank balances and recent transactions.

US-based TechCrunch, which publishes technology news, revealed about a security breach in India’s largest bank. This was due to a lack of server management which made millions of customers’ data accessible. The server was based at the Mumbai data center hosting two months’ data from SBI Quick. The anonymous security researcher detected it, which means the server was without the password for a long time.

Data from SBI Quick Exposed

Using SBI’s text message and call-based system – SBI Quick customers can request basic information about their bank accounts. This back-end system stores millions of text messages each day. SBI provides this free service to send the required account information to customers.

Customers can send a message or give a missed call to get their information related to their account such as current balance, last five transactions. The system also allows customers to block ATM cards, make inquiries about home loans or car loans. Customers use predefined keywords e.g. “BAL” from their registered number to know their account balance. The customers who have not subscribed for this service have chances that their data is secure.

Further Action for Customers

Apparently, account holders can rest assured that there’s no immediate risk to the account; as the unsecured server did not reveal the username or passwords of the account holders. Hence, there is no direct threat to account security. However, hackers can easily get mobile numbers, balance information, and recent transactions. They can target customers with a high account balance. Further, social engineers can misuse the data for fraud.

As a security measure, account holders should avoid using public Wi-Fi to access the banking account. You should change passwords regularly to keep your account safe. Likewise, you must not share your personal details with anyone. If you get a message about an unauthorized transaction, immediately contact your bank.

SBI’s Investigation on the Matter

SBI has promptly secured the servers and protected the database. The bank assured its commitment to ensuring data security. Stating the matter is taken extremely seriously, the bank has also tweeted, “Data security is a serious matter and we have thoroughly investigated the alleged data incident, finding that our data is safe and secure, and we’re fully committed to ensuring this.”

Data security is a serious matter and we have thoroughly investigated the alleged data incident, finding that our data is safe and secure, and we’re fully committed to ensuring this. pic.twitter.com/uwbbyNFzBb

— State Bank of India (@TheOfficialSBI) February 1, 2019

• Relief for Paytm, Amazon Pay, other mobile wallets! RBI extends deadline for KYC compliance by 6 months
• How to Choose the Best Web Hosting Plans for any Website
• How to Deactivate or Permanent Delete Your Facebook Account (Updated)
• What Is UPI Payment? Top 4 UPI Payment Apps For Android In 2020
• 5 Different Methods to Recover Facebook Account

Even though the issue is fixed now, this breach incident emphasizes that financial institutions must implement more robust security practices.