One of largest Indian Bank, State Bank of India leaks millions of user data. This data leak originated from one of SBIs data center present in Mumbai. Right now, what we know that few months earlier SBI starts SBI quick service via which Customers can spontaneously access Mini Statement, Available balance and other services. SBI officials stores SBI Quick service data to one of the data center in Mumbai. However, officials forget to lock the server via some sort of passwords. Finally, the result is anyone who has the knowledge of this server’s exact path will able to access these data.
Techcrunch first notice this issue after some security researchers ping them about it. Moreover, Techcrunch team has now let aware SBI team aware about this issue and SBI team has finally resolved it. Right now, SBI hasn’t make any statement about this issue from their end. Moreover, they also not present their statement how much data may leak from their servers. We also not know, for how much long this server backend was open. But we do know, the service was introduced last year in the month of December.
Note that SBI Quick is SBIs missed call banking facility via which one can retrieve Mini Statement, Account Balance, and many more things. After getting that much details, scammers around the world may get their hand to your bank account money.
Following are the data which we expect to leak after this issue
- Customers Phone Number
- Bank Balance
- Recent Transactions
- Partial Bank Account Number
Techcrunch even cross checked the flaw by asking an Indian Security researcher Karan Saini. Karan Saini, then send a text message to SBI server, and within a minute Techcrunch able to locate his message on the database as well as the text message he received from SBI on his phone.