India’s largest bank in terms of customers is the State Bank of India. This bank is popularly known as the SBI among the masses. The customer base of this bank is situated in rural as well as urban areas. SBI is also one of the higher ranked companies in the list of Fortune 500 companies. However, in a moment of embarrassment, SBI leaked account data of its customers.
Now, the reason behind this is a rookie error and not expected from India’s largest bank. This leak happened because SBI forgot to password-protect one of their servers.
State Bank of India leaks account data of millions of customers
State Bank of India’s leak included account data such as recent transactions and balance information. Now, this data was not available publicly but anyone with knowledge of accessing server was able to get this data. This data was available for quite some time but it has now been fixed.
As we mentioned earlier, the server on which leak happened was not password-protected. Therefore, it became very easy to access the server.
Now, the account data does not include anything severe such as PIN or Customer’s Account password. However, critical information such as current balance, recent transaction, and the mobile number could be accessed. This information is crucial for people who want to target people with certain demographics.
This includes people having a high or low balance in their account. Also, it could be used to threaten users that their last transactions were invalid. Customers would not know that the person is fake because the information is accurate.
The server we are talking about is based in Mumbai. This server stored two months data of SBI Quick. SBI Quick is a service which offers details regarding an SBI customer’s account. These details include current balance, recent transactions and more.
Also, SBI Quick is a service which is based on text or call. So a user just needs to SMS or Call the number and information will be provided to them.
This data leak was first tipped to TechCrunch by a security researcher, supposedly from India. Now, the details may not seem like a threat to customer’s bank accounts but they can cause harm.
For example, it is possible to block someone’s ATM card with the information of their last 4 transactions. Because SBI usually asks for last 4 transactions of a user in order to verify their identity.