A vulnerability in a database belonging to SBI, the largest bank in India, made it possible to access information on millions of its customers. The security breach, which was revealed by a tech security researcher, exposed the bank balances and recent transactions of millions of customers.
Unprotected Database Of SBI
An unprotected server belonging to the government-owned State Bank of India, which is the largest bank in the country and highly rated by Fortune 500, allowed anybody to access the financial information of millions of its customers. The server, which is hosted in a regional Mumbai-based data centre, held two months of data from SBI Quick, a text message and call-based system that customers use to request basic information about their bank accounts.
It is not known how long the server was unprotected, but a security researcher discovered it. SBI Quick lets any customer of the bank send a text message or make a missed call and receive information about their finances and accounts back by text message. The service is particularly suitable for the millions of the bank’s customers who do not use a smartphone or who have limited data service.
Customers obtain information through predefined keywords, such as “BAL” for an account balance. The service recognizes the customer's registered phone number, to which the requested information is sent. The system also handles requests such as obtaining information on the last five transactions, blocking an ATM card, and making inquiries about car and house loans.
Exposed Back End Text Message System
The flaw was the exposure of the back end of the bank's text message system, as revealed by TechCrunch. The system was confirmed to have stored millions of messages, and three million messages were sent out on Monday.
Dangers Of The Unsecured Server
Karaini Sanni, a security researcher, noted that the unsecured server is very dangerous because the available data could be used to profile and target individuals known to have a high balance. He also stated that obtaining the phone number of a customer of the bank could aid social engineering attacks, which are prevalent in the country.
The unprotected server has left the bank's 500 million customers worldwide and its 740 million accounts exposed to scammers. Curbing this type of vulnerability is essential for the safety of the financial world.