Slashdot Mirror


India's Largest Bank SBI Leaked Account Data On Millions of Customers (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: India's largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions. The server, hosted in a regional Mumbai-based data center, stored two months of data from SBI Quick, a text message and call-based system used to request basic information about their bank accounts by customers of the government-owned State Bank of India (SBI), the largest bank in the country and a highly ranked company in the Fortune 500. But the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers' information.

The passwordless database allowed us to see all of the text messages going to customers in real time, including their phone numbers, bank balances and recent transactions. The database also contained the customer's partial bank account number. Some would say when a check had been cashed, and many of the bank's sent messages included a link to download SBI's YONO app for internet banking. The bank sent out close to three million text messages on Monday alone. The database also had daily archives of millions of text messages each, going back to December, allowing anyone with access a detailed view into millions of customers' finances. SBI claims more than 500 million customers across the globe with 740 million accounts.

3 of 23 comments

  1. And no way to warn them by Opportunist · Score: 2

    I mean, imagine someone with an Indian accent called you with "Sir, I'm from your bank and we have to inform you ..."

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Re:Paid a fraction on what Americans get & it by drinkypoo · Score: 2

    "They didn't bother thinking for the reason of the feature I was asking for, and comprehended I wanted a parameter."

    If you know there's a language barrier, and you ask for random when you mean specific, you have only yourself to blame.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. SBI does things differently. by 140Mandak262Jamuna · Score: 2

    Pretty soon it will get the government to pass a law to make it illegal to access databases without password. Then it will display a warning saying it is illegal to access this database. And then wash its hands of it, saying, "we can't be held responsible for the criminal actions of the miscreants. Affected parties are advised to file complaints against the trespassers with the appropriate authorities who would do the needful". Then they will return to status quo ante.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact