1/31/2019 4:54:08 PM
|written By : Team India Se|
The State Bank of India leaked account data of millions of its customers, reports TechCrunch. The American technology news site reports India’s largest bank failed to password-protect a server that allowed anyone to access financial information such as bank balances and recent transactions of millions of its customers.
The report said the bank has now secured the server, but it was left open long enough for it to be discovered by a security researcher, who told TechCrunch of the leak but did not want to be named.
The server, hosted in a Mumbai-based data centre, stored two months of data from SBI Quick, a text message and call-based system used to request basic information about their bank accounts by customers, reported TechCrunch.
“The passwordless database allowed us to see all of the text messages going to customers in real time, including their phone numbers, bank balances and recent transactions. The database also contained the customer’s partial bank account number. Some would say when a check had been cashed, and many of the bank’s sent messages included a link to download SBI’s YONO app for internet banking.
“The bank sent out close to three million text messages on Monday alone.
“The database also had daily archives of millions of text messages each, going back to December, allowing anyone with access a detailed view into millions of customers’ finances.”
The bank did not respond to its emails, TechCrunch added.