India’s largest bank SBI leaked account data on millions of customers

Discussion in 'other security issues & news' started by mood, Jan 30, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,782
    India’s largest bank SBI leaked account data on millions of customers
    January 30, 2019
    https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,755
    Really? No password?

    I wonder why they would do that. Maybe it simplified integration with other stuff?
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,782
    Perhaps the administrator has "forgot" to password-protect the server and the auditor of SBI's servers overlooked it or wasn't qualified enough :cautious: (as mentioned in the next article)

    SBI Investigates Reported Massive Data Leak
    January 31, 2019
    https://www.bankinfosecurity.com/sbi-investigates-reported-massive-data-leak-a-11986
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,755
    I've configured lots of servers. I can't imagine creating a login account without a strong password. I suppose that root accounts that are restricted to key-based logins would be OK, but even then I'd assign passwords. In some cases, I use SSH keys without passphrases, when I need to automate stuff. But I'd never share those keys with other management machines.

    I mean, you'd need to go out of your way to avoid setting passwords.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.