According to the report, an anonymous security researcher calls attention to that the SBI has not protected its server with a password.
On Wednesday, India’s largest bank, the State Bank of India (SBI), leaked sensitive details such as the customer’s bank balance and bank account number.
The bank apparently forgot to secure a server that was hosting sensitive information of millions of its customers. The server was in one of its Mumbai installations, said the report.
According to the report, this came into light when an anonymous security researcher highlighted that the bank had not protected its server using a password, and anyone who knew where to look could access the information of millions of its customers. Although it is not clear for how long the server was kept unprotected, SBI says it has got the glitch fixed.
The report also revealed that the server was a part of SBI Quick or missed-call banking, which enables customers to perform the basic banking functions through a phone call or SMS. The unprotected server allegedly contained two months of data from SBI Quick.
According to the bank’s website, it is a free service allowing customers to access their account balance and mini statement with pre-defined keywords or pre-defined mobile numbers from the registered mobile number.
Media reports say the bank is yet to verify the breach of data.
Contradictorily, two days ago, SBI alleged the misuse of Unique Identification Authority of India (UIDAI) data. SBI officials had informed the UIDAI that logins and biometrics of their operations had been misused to generate unauthorized Aadhaar cards.
Countering the charge, UIDAI said the Aadhaar database was completely secured and no breach had taken place.