India’s largest bank SBI leaked account data on millions of customers January 30, 2019 https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
Really? No password? I wonder why they would do that. Maybe it simplified integration with other stuff?
Perhaps the administrator has "forgot" to password-protect the server and the auditor of SBI's servers overlooked it or wasn't qualified enough (as mentioned in the next article) SBI Investigates Reported Massive Data Leak January 31, 2019 https://www.bankinfosecurity.com/sbi-investigates-reported-massive-data-leak-a-11986
I've configured lots of servers. I can't imagine creating a login account without a strong password. I suppose that root accounts that are restricted to key-based logins would be OK, but even then I'd assign passwords. In some cases, I use SSH keys without passphrases, when I need to automate stuff. But I'd never share those keys with other management machines. I mean, you'd need to go out of your way to avoid setting passwords.