A report on Wednesday revealed that the SBI failed to secure a key server hosting sensitive information in one of its Mumbai installations and that the server might have leaked details of millions of bank accounts. It is presumed that information related to bank balances, bank account numbers and other key details was leaked.
The report in TechCrunch, which came to know about the unsecured server after a tip-off by an anonymous security researcher, highlights that “the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information”.
It is not clear for how long the server was left unsecured. But when TechCrunch reached out to SBI, the glitch was fixed. However, SBI did not comment on the matter.
The report noted that the unsecured server was part of SBI Quick, which allows the bank's customers to send a message or make a call to carry out basic banking functions. The bank explains on its website, “SBI Quick – MISSED CALL BANKING is a free service from the Bank wherein you can get your Account Balance, Mini Statement and more just by giving a Missed Call or sending an SMS with pre-defined keywords to pre-defined mobile numbers from your registered mobile number. Please ensure that your mobile number is updated in your account to be able to register for this service.”
However, because SBI Quick connects an SBI customer’s phone number with his account, the data leaked from the SBI server could be used by identity thieves or scammers to swindle money from the bank’s accounts.