Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the multisite-clone-duplicator domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114
[www-stage.newsbtc.com/news/indian-public-sector-bank-leaks-millions-of-customers-data-merit-of-bitcoin/amp/]
[wp-includes/functions.php:6114 trigger_error(), wp-includes/functions.php:6054 wp_trigger_error(), wp-includes/l10n.php:1370 _doing_it_wrong(), wp-includes/l10n.php:1408 _load_textdomain_just_in_time(), wp-includes/l10n.php:194 get_translations_for_domain(), wp-includes/l10n.php:306 translate(), wp-content/plugins/multisite-clone-duplicator/include/lang.php:6 __(), wp-content/plugins/multisite-clone-duplicator/multisite-clone-duplicator.php:32 require_once('wp-content/plugins/multisite-clone-duplicator/include/lang.php'), wp-settings.php:471 include_once('wp-content/plugins/multisite-clone-duplicator/multisite-clone-duplicator.php'), wp-config.php:53 require_once('wp-settings.php'), wp-load.php:50 require_once('wp-config.php'), wp-blog-header.php:13 require_once('wp-load.php'), index.php:17 require('wp-blog-header.php')]

Indian Public Sector Bank Leaks Millions of Customers' Data, Merit of Bitcoin

Indian Public Sector Bank Leaks Millions of Customers’ Data, Merit of Bitcoin

A human error led to the leak of millions of customers’ data at an Indian public sector bank, raising questions on the merit of Bitcoin over banks.

State Bank of India, a government-owned corporation, forgot to secure essential server information that held customers’ messages, bank balances, transaction details, and other related details. It allowed anyone who knew where to look the data to access and steal it. A security researcher later detected the unprotected server and alerted TechCrunch with the story.

In retrospective, the passwordless server stored two months of data from SBI Quick. It is a service that supported banking via missed call and SMS. A customer wishing to access his bank details would send a missed call or SMS to SBI from his registered phone number. In return, he/she would receive information about their accounts and finances.

Because of no locks, anyone could gain access to the SBI’s Mumbai server. Therefore, he could access customers’ registered numbers, their account details, and recent transactions.

SBI’s Response

SBI’s official Twitter handle declared that they were investigating the “alleged” incident. The bank said that it would release an official statement soon after they complete their investigation.

Nevertheless, the Indian bank didn’t respond to the screenshots of the leaks presented by TechCrunch, the media source of the story. There was also no outcry from the SBI customers – at least in response to their tweet – which could mean that not many people know about the data leak.

Amusingly, a person was seen asking details about SBI’s home loan procedure right under their official statement.

Social Engineering Attacks

A malicious actor could any day publicize the SBI customers’ banking details, or sell it to hackers via underground marketplaces online. Such information could be used primarily against people who hold higher account balances. Meanwhile, knowing their phone numbers could enable hackers to orchestrate social engineering attacks. The practice is already pretty standard across the world whereby hustlers siphon off money via human interactions.

However, a security team regularly carries out penetrating testing that uses social engineering routines. SBI must have a group dedicated to detecting these threats firsthand. But realizing that it is the second time in the past 12 months whereby SBI mishandled customers’ data, the bank has begun to appear insincere. The last time it happened, SBI’s lapse had led to the creation of fake Aadhaar identity cards (India’s equivalent of social security numbers).

Bitcoin Projected as Solution

Anthony “Pomp” Pompliano was quick to highlight the incompetence of mainstream banks after the SBI report went out. The Morgan Creek’s founder said in a tweet that only decentralized financial institutions could provide the best security to customers.

“Long Bitcoin, Short the Bankers,” he stressed.

The sentiment puts forward a view that is quite popular in the internet pop culture. It propagates bitcoin as a messiah for financial independence and privacy. With banks, a customer always needs to put his personal information at stake to use a commercial service. However, a bitcoin consumer does not need to provide an ounce of his private information for the same service.

The contrast itself makes Bitcoin a better alternative to banking methods. It allows users to create their self-sovereign identities which they control and manage by themselves. So, instead of sharing them with a bank to do the necessary financial task, these users can merely rely on a decentralized network of nodes to do the same thing – by paying a small fee – without ever requiring to publicize their identities with them.

With a bank broken down into hundreds of thousands of servers, a bitcoin protocol also makes it difficult for hackers to locate a single point of failure.

In conclusion, SBI needs to up its game before its customers actually “short” it.

Exit mobile version