Country’s largest financial institution, the State Bank of India, has recently faced an uncompromising data leak of millions of its customers.
According to a recently published report in Techcrunch, the critical financial data of the customers had been creviced through an unguarded server.
The server exposed the data in the open environment, but the engineers have worked relentlessly to fix this issue.
Here is what you need to know more.
#Data Vulnerability
SBI has a data centre in Mumbai that contains a server which is not password protected. This is a claim based on the report published by TechCrunch. TechCrunch verified the authenticity of the news from the recent discoveries of the security researcher.
The said server accommodates crucial banking information of customers by employing SBI quick, a fast and hassle-free text and call-based service for keeping an update about balances, recent transactions, and credit details. Without imposing a strict password, the information becomes unprotected and denuded.
#Banking information of millions was left exposed
Although the data leakage has been adeptly resolved by the SBI team, the concern is yet to be addressed. It is not yet known for how long the server was left unprotected. SBI has shied away from providing an explanation on the issue or how the users’ data have been left unshielded. It is still unclear how many numbers of users have been affected.
However, it has been officially verified from TechCrunch sources that the banking institution has forwarded 3 million texts through their servers conveying the information of holding the banking details for an entire official day.
#Types of compromised information
To put things into perspective, the unguarded server imperilled the back-end text message system of SBI Quick, jeopardising critical messages going to the customers through the dedicated service.
It enables real-time display of outbound texts as well as already archived messages sent over a span of two months.
This was one way of endangering confidential information like bank balances, mobile numbers, recent transactions, and account numbers.
#How it has affected the account holders?
More than a direct threat, there is an indirect threat to the SBI mobile app users. Pieces of information like username or passwords were not exposed by the exposed servers meaning there is no direct violation to the account confidentiality. It is even notable that balance information, past transactions, and mobile numbers can easily expose people with high account balances vulnerable to hacking attacks. The scammers, hackers, and fraudulent tricksters will be targeting these accounts.