In a shocking incident reported, India’s largest bank – State Bank of India, leaked sensitive details such as bank balance and bank account number of million of its customers.
The bank apparently forgot to secure a server that was hosting sensitive information of millions of its customers. The server was in one of its Mumbai installations.
A report in Techcrunch, which came to know about the unsecured server after a tip-off by an anonymous security researcher, highlights that “the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information”.
It is not clear for how long the server was left unsecured. But when Techcrunch reached out to SBI, the glitch was fixed. However, SBI did not comment on the matter.
The report noted that after gaining entry to the unsafe SBI server, the Techcrunch team was able to see “text messages going to customers in real-time, including their phone numbers, bank balances, and recent transactions The bank sent out close to three million text messages on Monday alone.”
The server also allowed access to the archive of messages going back to December that were supposedly sent to SBI users.
This is not the first instance of carelessness at the end of an Indian bank. Earlier, in 2016, millions of debit cards issued by a number of Indian banks, including by SBI, were compromised.