Massive data breach @ State Bank of India

BoneCollector · 31st January 2019, 13:38

There has been a data breach in SBI, our largest nationalised bank and it has been brought to fore. Apparently it happened over a period of 2 months when SBI was using a server in Mumbai which was not password protected. Details here -

https://techcrunch.com/2019/01/30/st...data-leak/amp/

Response given by SBI at the moment -

Massive data breach @ State Bank of India-screenshot_20190131133956__01.jpg

Now with such incidents, one does feel that digital transactions have some or the other loopholes which miscreants try to use for their benefit. I hope that this is properly investigated and countermeasures taken. As of now, I can only think about changing PINs and passwords but will that also be secure?

More links - https://www.indiatoday.in/amp/techno...www.google.com

https://www.zeebiz.com/personal-fina...rom%20%251%24s

rovingeye · 31st January 2019, 13:49

Quote:

Originally Posted by BoneCollector

There has been a data breach in SBI

As of now, I can only think about changing PINs and passwords but will that also be secure?

Wow! This is scary.

One can only hope that sensitive info such as passwords and pins were encrypted before storing.

vrprabhu · 31st January 2019, 14:17

From the data available in the link (techcrunch), what appears to have happened is this :

1. The server containing customer account balance / transaction details had been accessed. It is likely that the (partly masked) customer account numbers, mobile numbers, transaction details could have been exposed.

2. The server was probably handling the USSD (Unstructured Supplementary Service Data) services of SBI customers and hence the likelihood of storing customer credentials (password, login ids etc.) appear to be unlikely.

How this data will get used is an unanswerable (to me, atleast) - because, with this data fraudster can easily convince gullible SBI customers that the calls are authentic by sharing transaction details, which many will presume that only the bank knows.

Incidentally, the site stated in the news is Data Center of SBI at Belapur (Mumbai). Hope that leak was restricted to only this particular server and is well firewalled from other core applications.

SBI customers, as a matter of precaution, would do well to change their debit card pin, mobile & net banking passwords immediately.

Samurai · 31st January 2019, 16:10

Not surprised at all. This is how secure systems are in Indian banks, especially nationalized ones. Concept of security and privacy is not really understood. Let me point to an old post of mine.

31st January 2019, 13:38	#1
BoneCollector Distinguished - BHPian Join Date: Apr 2011 Location: BIHAR Posts: 3,202 Thanked: 10,814 Times View My Garage	Massive data breach @ State Bank of India There has been a data breach in SBI, our largest nationalised bank and it has been brought to fore. Apparently it happened over a period of 2 months when SBI was using a server in Mumbai which was not password protected. Details here - https://techcrunch.com/2019/01/30/st...data-leak/amp/ Response given by SBI at the moment - Now with such incidents, one does feel that digital transactions have some or the other loopholes which miscreants try to use for their benefit. I hope that this is properly investigated and countermeasures taken. As of now, I can only think about changing PINs and passwords but will that also be secure? More links - https://www.indiatoday.in/amp/techno...www.google.com https://www.zeebiz.com/personal-fina...rom%20%251%24s Last edited by BoneCollector : 31st January 2019 at 13:46.
	() Thanks

31st January 2019, 14:17	#3
vrprabhu Senior - BHPian Join Date: Oct 2008 Location: ?? Posts: 1,283 Thanked: 1,105 Times View My Garage	re: Massive data breach @ State Bank of India From the data available in the link (techcrunch), what appears to have happened is this : 1. The server containing customer account balance / transaction details had been accessed. It is likely that the (partly masked) customer account numbers, mobile numbers, transaction details could have been exposed. 2. The server was probably handling the USSD (Unstructured Supplementary Service Data) services of SBI customers and hence the likelihood of storing customer credentials (password, login ids etc.) appear to be unlikely. How this data will get used is an unanswerable (to me, atleast) - because, with this data fraudster can easily convince gullible SBI customers that the calls are authentic by sharing transaction details, which many will presume that only the bank knows. Incidentally, the site stated in the news is Data Center of SBI at Belapur (Mumbai). Hope that leak was restricted to only this particular server and is well firewalled from other core applications. SBI customers, as a matter of precaution, would do well to change their debit card pin, mobile & net banking passwords immediately.
	() Thanks

31st January 2019, 16:10	#4
Samurai Team-BHP Support Join Date: Jan 2005 Location: Bangalore/Udupi Posts: 25,828 Thanked: 45,557 Times View My Garage	re: Massive data breach @ State Bank of India Not surprised at all. This is how secure systems are in Indian banks, especially nationalized ones. Concept of security and privacy is not really understood. Let me point to an old post of mine.
	() Thanks