State Bank of India goes through a massive data breach as the details of millions of SBI account holders and customers have been leaked. After news of data leak of Facebook and Twitter users, now India’s biggest bank network have been a victim to leak of data by the hackers.
SBI forgot to password-protect a server based in Mumbai data center. So, the potential hackers could easily get the data with ease. The leaked data contains partial account numbers, balance, transaction details and much more. The server in question is used to store data from SBI Quick, an SMS, and cell-based services. Using these services, a user can get account details, balance, and more by just sending an SMS or a voice call.
The data breach contains phone numbers and partial account details of the SBI account holders. Hackers can use those phone numbers to ask ramson, especially for those accounts with a high-account balance. The same phone number can also be used for social engineering attacks. The leak has not revealed any sort of account authentication password, which is a relief.
Talking about the massive data breach, security researcher, Karan Saini said: “The data available could potentially be used to profile and target individuals that are known to have high account balances.” He further added that having access to phone numbers “could be used to aid social engineering attacks — which is one the most common attack vector here with regard to financial fraud.”