India’s largest bank leaves the data of millions of users exposed:
The State Bank of India’s (SBI) server was left without any password protection exposing the contact details, balances and partial account number details of its users.
The server has since been secured, but while left vulnerable, it had archived messages going back to December.
While no sensitive data was disclosed, the data breach leaves customers susceptible to social engineering hacks and extortion.
The ‘SBI Quick’ server — a service that allows the bank’s customers to text the bank for information on their accounts — has reportedly been secured since the report.
But while it was open, it had archives of messages dating back to December according to TechCrunch’s investigation. That’s millions and millions of messages about balance information, loan inquiries, financial transactions and other data — although there were no passwords disclosed. Business Insider has reached out to SBI but they are yet to issue a response on the data breach. The data breach was spotted by a security researcher (unnamed) and verified by Karan Saini, the researcher who previously found a leak in India’s Aadhaar database, the largest biometric authentication system in the world.