TRENDING ON ONEINDIA
- Jammu & Kashmir: IED Blast Leaves An Army Officer Dead In Rajouri
- Saina And Saurabh Emerge Champions In The National Badminton
- Xiaomi Mi 9 Is The Most Powerful Android Smartphone In The World
- CBDT Notifies Deadline For Mandatory Aadhaar Linking To File Tax Returns
- Tesla Sentry Mode — The Guardian Angel Of Your Tesla
- Jageshwar — The Himalayan Town With 100 Ancient Temples
- Anushka Sharma Opens Up About Catfights In Bollywood
- Ever Faced Emotional Abuse As A Child?
State Bank of India (SBI), India's biggest bank network is now a victim of a massive user data breach. It is estimated that at least a million users' data has been leaked.
Reason behind the leak
Unlike most of the data leaks, where hackers try to hack the password-protected servers, SBI forgot to password-protect a server based in Mumbai data center. So, the potential hackers could easily get the data with ease. The leaked data contains partial account numbers, balance, transaction details and much more.
The server in question is used to store data from SBI Quick, an SMS, and cell-based services. Using these services, a user can get account details, balance, and more by just sending an SMS or a voice call.
The SBI Quick service was especially useful for those, who own a feature phone and cannot access internet banking. Along with the information mentioned above, the Mumbai based server was also used to store daily archives of the bank.
How will it affect the users?
The data breach contains phone numbers and partial account details of the SBI account holders. Hackers can use those phone numbers to ask ramson, especially for those accounts with a high-account balance. The same phone number can also be used for social engineering attacks.
The leak has not revealed any sort of account authentication password, which is a relief. As of now, there is no information on the exact amount of data that has been leaked from the Mumbai based SBI server.
State Bank of India or SBI is yet to comment on the breach. It is pretty wild to think that a government-owned entity forgot to secure the server with potential data, which can be used to social engineering attacks.
Security researcher, Karan Saini said
The data available could potentially be used to profile and target individuals that are known to have high account balances.” He further added that having access to phone numbers “could be used to aid social engineering attacks — which is one the most common attack vector here with regard to financial fraud.”