The Silicon Review ^Asia

The State Bank of India (SBI) is the largest bank in India and a Fortune 500 company which is owned by the government. It has about 500 million customers and boasts of around 23% of the market share of the banking sector in India. One of the top security analysts in the country has now discovered a gaping hole in the bank’s security, exposing its database to virtually anyone who knows where to look.

This is not a breach of data or any type of unauthorized access, but a lapse in the security systems. The database in question did not have so much as a password to protect it from unauthorized access, putting at risk the financial information of several million customers. The database was put in place for a special facility provided by the bank to help customers know their account balance instantly through an SMS or a missed call. This service is called SBI Quick. It has been put in place to allow customers to enjoy basic features without the need for a smartphone or even internet data. Users need to give a missed call to a toll-free number from their registered mobile number or send an SMS with ‘BAL’ in the body to know their current account balance or a few recent transactions. 

The server to send text messages was left unprotected and anyone who could find their way around the systems could know customers’ account information. The vulnerability was secured a day after it was exposed.