State Bank of India has found itself in the middle of a data security scandal as a media report on Wednesday claimed that the India’s largest bank left a server with the banking data of its consumers unprotected. The reported server is said to have been secured since then, but the existence of an alleged unprotected server raises serious questions about the security practices at the bank, which manages the money of over 42 crore customers across India.
According to a report by TechCrunch, the alleged unprotected server of the State Bank of India was housed in a Mumbai data
The SBI server was apparently not protected by a password, thus giving anyone, who knew where to look for, access to the banking data of millions of customers, including their mobile numbers, partial account numbers, account balance, recent transactions and more. TechCrunch says the leak was discovered by a security researcher, who wants to remain anonymous.
The report explains the server essentially housed the back-end system of the SBI Quick service and included millions of messages that were being sent to the consumers in response to their queries. It added that they could allegedly see the text messages being sent in real-time. The website states that it verified the authenticity of the server by asking one India-based security researcher to use the SBI Quick service and within seconds, they reportedly could see the researcher’s number as well as the response sent to him on the password-less server.
TechCrunch says the server revealed that the bank sent over three million text messages to the consumers on Monday itself. With two months of such data, a malicious party could do a lot of damage to the unsuspecting State Bank of India consumers.