State Bank of India left archive with millions of Customer messages exposed

Another data breach made the headlines, this time the victim is the State Bank of India that left a database containing personal information exposed online.

The State Bank of India that left a database containing personal information exposed online.

The discovery was made by an anonymous security researcher that has found a server used for the bank’s Quick service, a mobile-based information service. Quick is “a free service from the Bank where in you can get your Account Balance, Mini Statement and more just by giving a Missed Call or sending an SMS with pre-defined keywords to pre-defined mobile numbers from your registered mobile number.”

The database was exposed online without protection and the database was located could gain access to the plaintext information it contained.

The archive contained millions of text messages, going back to December, that were exchanged by the bank with its customers. Exposed data includes the customer’s phone number, partial bank account number, bank balance and records of transactions.

The good news is that the State Bank of India quickly fixed the issue within hours after it was informed of the problem, unfortunately, it is not known how long the data remained exposed online or whether threat actors accessed to the huge trove of information.

The availability of this information poses a serious risk to bank customers, threat actors could use it to target bank customers.

Pierluigi Paganini

(SecurityAffairs – data breach, State Bank of India)

[adrotate banner=”5″] [adrotate banner=”13″]