Another data breach made the headlines, this time the victim is the State Bank of India that left a database containing personal information exposed online.
The State Bank of India that left a database containing personal information exposed online.
The discovery was made by an anonymous security researcher that has found a server used for the bank’s Quick service, a mobile-based information service. Quick is “a free service from the Bank where in you can get your Account Balance, Mini Statement and more just by giving a Missed Call or sending an SMS with pre-defined keywords to pre-defined mobile numbers from your registered mobile number.”
The database was exposed online without protection and the database was located could gain access to the plaintext information it contained.
The archive contained millions of text messages, going back to December, that were exchanged by the bank with its customers. Exposed data includes the customer’s phone number, partial bank account number, bank balance and records of transactions.
The good news is that the State Bank of India quickly fixed the issue within hours after it was informed of the problem, unfortunately, it is not known how long the data remained exposed online or whether threat actors accessed to the huge trove of information.
The availability of this information poses a serious risk to bank customers, threat actors could use it to target bank customers.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.