The data leak case of India’s largest bank State Bank of India has emerged. According to a report by American Tech Website TechCrunch, the bank’s server was without password. For this reason information of millions of customers can be accessed. This bank’s server is in the Mumbai based data center.
This data center has 2 months of data stored in SBI Quick. SBI Quick is a system whereby the basic information pertaining to account holders and the basic information related to the account is given. Due to not being secure it has been easy to access.
According to reports, it is unclear how long this server is open and unprotected. A security researcher found the server open and TechCrunch reported it first. However, the security researcher who has highlighted this weakness of the State Bank of India has laid the condition of not disclosing the name.
Through the SBI Quick, the customers of the bank get the information about the missed calls and text messages. The user has to send BAL keyword so that the bank identifies the registered mobile number of the customers and sends information to that number. Account balance and last five transaction details are available. Apart from this, ATM card blocks can also be made under this service.
TechCrunch has confirmed that bank and text messages have been leaked, in which there are millions of message stored every day. Since no password was set in the database, all text messages in the database have been seen which are real time. These include the customer’s phone numbers, bank balances and resent transactions.
These databases also have the partial account numbers of the customers. According to the report, this database access has also received information that the bank has sent approximately 3 million text messages only on Monday. This database has a daily archive of millions of text messages which is up to December i.e. anyone can view the financial information of these customers.
Without a password, the database can be quite dangerous for the sensitive information of the customer. Because it can access the information of the customers, a hacker can collect them for doing wrong or fraud. The same can be easier for companies that advertise this database. Because the phone numbers of the customers are also given here.
State Bank of India has not yet issued any statement on this report. However, the State Bank of India has secured the database overnight.
What happens without the database password?
Very simple – the data is stored in the computer, which has many ways. Information is stored here in Organized way. This data is made easy so that the company can use it. The data is managed and updated in real time. Companies secure database servers in many ways, including hardware and software security. But there is a basic security password which is quite common. But as mentioned in this report, there was no password in the database, it is a very serious matter. Call it a mistake or negligence. But this can lead to big losses of customers.
