SBI data leaked: Millions of customers' information exposed from server

SBI's Mumbai-based data center had a server without password protection, TechCrunch reported on the basis of findings of a security researcher.

The server hosted banking information of customers using SBI Quick, its text and call-based service for staying updated about balances, recent transactions, and credit information.

As such, without a password, it made all that information available in the open.

Though the issue now seems to have been fixed, it still remains unclear how long the server was left unprotected.

SBI has not commented on the matter or explained how many users may have been affected.

To put things into perspective, TechCrunch was able to verify that the bank sent out 3 million texts, through the server, holding banking information on one day alone.

Specifically, the unprotected server compromised back-end text message system of SBI Quick, exposing messages going to customers through the service.

It displayed outgoing messages in real time as well as daily archives of messages sent over the last two months.

This way, anyone who knew where to look, would have had access to information like bank balances, mobile numbers, recent transactions, partial account numbers.

Not directly, at least.

The unprotected server didn't expose username or passwords, meaning there's no direct threat to account security.

However, it is worth noting that balance information, recent transactions, and mobile numbers could make people with high account balances susceptible to social engineering attacks.

They could be targeted by fraudsters and tricked into giving away their money.