A human error led to the leak of millions of customers’ data at an Indian public sector bank, raising questions on the merit of Bitcoin over banks.
State Bank of India, a government-owned corporation, forgot to secure essential server information that held customers’ messages, bank balances, transaction details, and other related details. It allowed anyone who knew where to look the data to access and steal it. A security researcher later detected the unprotected server and alerted TechCrunch with the story.
In retrospective, the passwordless server stored two months of data from SBI Quick. It is a service that supported banking via missed call and SMS. A customer wishing to access his bank details would send a missed call or SMS to SBI from his registered phone number. In return, he/she would receive information about their accounts and finances.
Because of no locks, anyone could gain access to the SBI’s Mumbai server. Therefore, he could access customers’ registered numbers, their account details, and recent transactions.
SBI’s official Twitter handle declared that they were investigating the “alleged” incident. The bank said that it would release an official statement soon after they complete their investigation.
In light of the recent news item, regarding an alleged data incident, please find below our statement: pic.twitter.com/mu4xn12QgL
— State Bank of India (@TheOfficialSBI) January 31, 2019
Nevertheless, the Indian bank didn’t respond to the screenshots of the leaks presented by TechCrunch, the media source of the story. There was also no outcry from the SBI customers – at least in response to their tweet – which could mean that not many people know about the data leak.
Amusingly, a person was seen asking details about SBI’s home loan procedure right under their official statement.
Social Engineering Attacks
A malicious actor could any day publicize the SBI customers’ banking details, or sell it to hackers via underground marketplaces online. Such information could be used primarily against people who hold higher account balances. Meanwhile, knowing their phone numbers could enable hackers to orchestrate social engineering attacks. The practice is already pretty standard across the world whereby hustlers siphon off money via human interactions.
However, a security team regularly carries out penetrating testing that uses social engineering routines. SBI must have a group dedicated to detecting these threats firsthand. But realizing that it is the second time in the past 12 months whereby SBI mishandled customers’ data, the bank has begun to appear insincere. The last time it happened, SBI’s lapse had led to the creation of fake Aadhaar identity cards (India’s equivalent of social security numbers).
Bitcoin Projected as Solution
Anthony “Pomp” Pompliano was quick to highlight the incompetence of mainstream banks after the SBI report went out. The Morgan Creek’s founder said in a tweet that only decentralized financial institutions could provide the best security to customers.
The State Bank of India just leaked sensitive banking data on millions of customers.
This is just another reason why we need decentralized financial institutions.
Long Bitcoin, Short the Bankers!
— Pomp 🌪 (@APompliano) January 30, 2019
“Long Bitcoin, Short the Bankers,” he stressed.
The sentiment puts forward a view that is quite popular in the internet pop culture. It propagates bitcoin as a messiah for financial independence and privacy. With banks, a customer always needs to put his personal information at stake to use a commercial service. However, a bitcoin consumer does not need to provide an ounce of his private information for the same service.
The contrast itself makes Bitcoin a better alternative to banking methods. It allows users to create their self-sovereign identities which they control and manage by themselves. So, instead of sharing them with a bank to do the necessary financial task, these users can merely rely on a decentralized network of nodes to do the same thing – by paying a small fee – without ever requiring to publicize their identities with them.
With a bank broken down into hundreds of thousands of servers, a bitcoin protocol also makes it difficult for hackers to locate a single point of failure.
In conclusion, SBI needs to up its game before its customers actually “short” it.