In a shocking disclosure, India’s biggest bank, State Bank of India (SBI), was found to be maintaining an unprotected server, with no password protection or other security protocols, containing the financial data of millions of its users.
The server, which was maintained in Mumbai, belonged to the SBI Quick division, an SMS-based data inquiry service that lets SBI account holders check their bank balance and recent transactions. It is quite alarming that this private information was available to anyone, without a password or any authorization.
TechCrunch first covered the story after a tip-off from a security researcher. Their inquiry verified that the server was unprotected and that it even let the team view the SMS messages going to SBI account holders in real time, along with personal information such as phone numbers, recent transactions and bank balances.
SBI asserts that it has over 50 million customers with over 75 million bank accounts. It is inconceivable that such valuable information was so easily available to any individual or entity that could misuse it. SBI has since password-protected the system; however, perhaps the damage is already done.