SBI leaves server unprotected, leaks bank details of millions of its customers: Reports


The issue came into light when an anonymous security researcher highlighted that the SBI had not protected its server with a password.

According to a report on Wednesday, India's largest bank, the State Bank of India (SBI), leaked sensitive details such as the customer's bank balance and bank account number.

The bank apparently forgot to secure a server that was hosting sensitive information of millions of its customers. The server was in one of its Mumbai installations, said the report.

According to the report, this came into light when an anonymous security researcher highlighted that the bank had not protected its server using a password, and anyone who knew where to look could access the information of millions of its customers. Although it is not clear for how long the server was kept unprotected, SBI says it has got the glitch fixed.

Image source: CCN

The report also revealed that the server was a part of SBI Quick or missed-call banking, which enables customers to perform the basic banking functions through a phone call or SMS. The unprotected server allegedly contained two months of data from SBI Quick.

According to the bank's website, it is a free service allowing customers to access their account balance and mini statement with pre-defined keywords or pre-defined mobile numbers from the registered mobile number.

Media reports say the bank is yet to verify the breach of data.

Contradictorily, two days ago, SBI alleged the misuse of Unique Identification Authority of India (UIDAI) data. SBI officials had informed the UIDAI that logins and biometrics of their operations had been misused to generate unauthorised Aadhaar cards.

B Rajendra Kumar, Deputy General Manager of SBI said, "We have, through our corporate office in Mumbai, raised this issue with the UIDAI. The authority should be more transparent with us and let us know how this is happening. They should also guide us on the issue and, above all, make their database more secure."

Countering the charge, UIDAI said the Aadhaar data base was completely secured and no breach had taken place.


Updates from around the world