SBI Data Leak: What can you do to stay protected?
Just a few hours ago, India's largest financial institution, the State Bank of India, was found exposing customer data from an unprotected server. The bank, as we reported, inadvertently leaked information of millions of customers, including their bank balances, recent transactions, phone numbers. This has raised alarms regarding account security, but worry not, there are ways to stay protected. Let's take a look.
How SBI exposed information?
According to TechCrunch, one of the servers at SBI's Mumbai-based data center was left without password protection. It was associated with the back-end database of SBI Quick, the call and text-based service that allows customers to get account updates on their phones. As such, the server exposed messages sent to customers in real time and the information they carried - balances, transactions, mobile numbers.
They found two months' worth of messages
In their investigation, TechCrunch found two months' worth of SBI Quick messages being exposed through the server. This archived data had millions of messages; in fact, some three million messages were sent on Monday alone.
How this information can affect SBI customers?
Going by the report, the leak may have compromised above-mentioned information and partial account numbers of SBI customers. Though this doesn't pose a direct threat to account security, it could open gates for fraudsters, who might use leaked phone numbers and balance details to target people with high account balances. In essence, this could lead to a rise in social engineering attacks, frauds.
What are social engineering attacks
Social engineering is one of the most common attack vectors for financial fraud in India. Cybercriminals reach their targets via calls or texts and trick them into divulging confidential information, like login and passwords for net banking. They might claim to be an SBI employee (by telling your balance) and offer lucrative deals to manipulate you into giving away your account details.
However, it is pretty easy to stay protected
In order to avoid such attacks, never give your banking details to anybody on call, even if the person claims to be a legit bank employee. Also, if there are any questions, visit the bank in person for answers and make sure your account and the money in it is fully secured. Finally, never open links or agree to pay for a free deal/offer.
Also, keep updating your passwords
You cannot control security defenses at SBI's end, but you can definitely make sure that your account is fully secured. For this, update its password from time to time and keep a tab on your finances.
