According to a report, India’s largest bank, the State Bank of India or SBI bank, leaked sensitive details such as the customer’s bank balance and bank account number.
Reports say that the bank apparently forgot to secure a server that was hosting sensitive information of millions of its customers. The server was in one of its Mumbai installations, said the report.
This came into light when an anonymous security researcher highlighted that the SBI bank had not protected its server using a password, and anyone who knew where to look could access the information of millions of its customers. Although it is not clear for how long the server was kept unprotected, SBI says it has got the glitch fixed.
The report also revealed that the server was a part of SBI Quick or missed-call banking, which enables customers to perform the basic banking functions through a phone call or SMS. The unprotected server allegedly contained two months of data from SBI Quick.
SBI Quick or missed-call banking is a free service allowing customers to access their account balance and mini statement with pre-defined keywords or pre-defined mobile numbers from the registered mobile number.