A media report on Wednesday claimed that the India’s banking giant,State Bank of India(SBI)left a server with its millions of users data unprotected.
The reported server is said to have been secured since then, but the existence of an alleged unprotected server raises serious questions about the security practices at the bank, which manages the money of over 42 crore customers across India.
The TechCrunch has alleged that,an unprotected server at Mumbai data centre including the two month data from SBI Quick,the mobile banking service were got exposed. SBI Quick is claimed to offer an easy and non-connected way to its consumers to get basic information about their account with the bank. The consumers can ask for their balance, mini statement, and request a cheque book.
The unprotected SBI Quick,which was not even protected by a single password,let those who knew where to look for, access to the banking data of millions of customers, including their mobile numbers, partial account numbers, account balance, recent transactions and more. TechCrunch says a security researcher who wants to remain anonymous,first discovered the security leak.
The website states that it verified the authenticity of the server by asking one India-based security researcher to use the SBI Quick service and within seconds, they reportedly could see the researcher’s number as well as the response sent to him on the password-less server.If the things are true more than millions of text messages sent in response to the consumer queries were largely got exposed.