[ FEB 01, 2019 ]
India’s largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions.
The server, hosted in a regional Mumbai-based data center, stored two months of data from SBI Quick, a text message and call-based system used to request basic information about their bank accounts by customers of SBI.
But the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information.
The database was secured overnight by SBI.