Latest Data Leak: State Bank of India

3 min read

Most recently, yet another company faced with a new data leak alert, not even a month after the “Collection1#” data breach. This time, the reason behind this huge data leak was determined to be the unprotected servers of India’s largest bank and its high-ranking company SBI, which hosts globally more than 500 million customers’ 740 million accounts. SBI’s exposed servers were that of SBI Quick, the bank’s SMS service that enables its users to reach their bank accounts, last transactions, loan queries, etc. via the text message system.

SBI Quick, the bank’s SMS service, enable SBI’s customers to text the bank, or make a missed call, to retrieve information back by a text message about their finances and accounts. The text message system was designed to provide a wide range of opportunities for millions of banking customers who don’t use a smartphone or have limited data services. For example, through the system, when a password that is previously used is reutilized, the customer’s registered phone number can be recognized by the bank’s SMS service and it’s possible for the service to send the current amount back to that customer’s bank account. At the same time, the system makes it more comfortable to revise the last five transactions, block an ATM card and make inquiries about home or car loans.

A security researcher, Karan Saini told Techcrunch about SBI data leak after discovering the flaw in the bank’s server. He said that “the data could potentially lead to financial fraud or used by attackers to identify high-value targets based on their current bank balance, given that the unprotected server is also exposed to information like bank balances and phone numbers of SBI Bank customers.” However, it should be kept in mind that the data leak in SBI is not the first in India. There had been another data leak in India’s Aadhaar, the country’s national identity database last year.

As we discover more and more attacks to database systems by hackers happening almost every day now, where many users are either losing their accounts or being wronged by these attacks, they end up suffering massive outcomes that are related to their loss of privacies and securities. So, what should be made to improve cybersecurity measures in the digital age?

 

“Disruptive” technology to prevent data leak

As an innovative set of protocols and cryptographic methods, Blockchain technology has been used to challenge the existing financial system based on the umpiring of the third party like banks in any transaction activity after realizing the inadequacy of traditional banking system in the financial crisis of 2008.

In this technology, a centralized server or monitoring system is completely eliminated, where a concentration of power and control is not needed to validate financial transactions. Any transaction activity can be realized by the algorithms realized with the consensus of the decentralized network existing in the related Blockchain infrastructure. In other words, the network decides and verifies the transactions by the majority of its hashing power to reach the aforementioned “consensus”. Each block is added and stored in the network to keep to network continuously updated and in check. Since access is only given to those that meet certain predefined requirements of the network, institutions can share the same databases instead of having to create their own private databases.

It’s safe to say that Blockchain technology can ensure that data cannot be damaged, stolen or lost through as long as it remains in its infrastructure which consists of distributed and decentralized computers. In these decentralized record-keeping mechanisms, when a hacker tries to tamper with a block, the whole system analyzes every single block of data to detect the one that differs from the majority of the network and as a next step, it immediately excludes “false” data from the chain.

So, we can consider the blockchain technology to be a “disruptive” innovation rather than an innovative disruption that transforms the system of storing and sharing information online that we’ve discovered so far. That’s why most of the companies in different sectors have started to embrace blockchain technology to prevent fraudulent activity and increase data protection.

 

Colendi prevents “Fraud” with Colendi ID

As a microcredit and credit-scoring platform, Colendi can prevent fraud and protect its customers’ various data utilizing the blockchain infrastructure. Colendi provides a self-sovereign and digital identity for its users with the help of its highly developed credit scoring mechanisms. Colendi gives its users this identity and full control over it along with their relevant information in a private and protected model. The whole operation is carried out by the smart contracts deployed on the decentralized Ethereum Blockchain. When a user logs in to the Colendi application, only their Colendi ID is shared with the other users on the network to keep their entire data private. It means that access to identity parameters is only made possible by user-owned smartphone and a private key that was given to the user during registration. This is 100% different than the current methodologies banks practice and gives full security.

Colendi also creates a mechanism preventing “fraud” to introduce another layer of data protection. Both current and historical data are processed via intelligent algorithms. Therefore, unreliable users, as well as fraud operations, are also detected within the Colendi network to enhance the overall security and reliability of the protocol. One of the main tools enhancing the security to achieve security in the Colendi ecosystem is the slashing mechanism. This is a penalty mechanism designed to punish bad actors. This mechanism serves also as an extra safety measure. Colendi introduces slashing conditions to protect each party as well as the protocol from any imposture and privacy-violating act and to enable the data integrators to provide the congruity of their networks until the completion of the validation of each lending cycle in the ecosystem. With a rounded solution to data hacks, an easy to use interface and a solution for the unbanked, blockchain projects like Colendi will mark the beginning of a new era of private data handling and complete security.

 

 

Sources

https://economictimes.indiatimes.com/industry/banking/finance/banking/sbi-denies-data-leak-charges-but-customers-be-on-alert/articleshow/67779161.cms

https://www.finextra.com/newsarticle/33290/indian-banks-password-failure-exposes-customer-account-data—techcrunch

http://www.diva-portal.org/smash/get/diva2:1261397/FULLTEXT01.pdf

https://www2.deloitte.com/global/en/pages/financial-services/articles/gfsi-disruptive-innovation-blockchain.html

https://blog.colendi.com/collection-1-data-breach-details/

 

 

We will keep on working hard for the Colendi Project and keep you updated. Keep following us!

http://social.colendi.com/ios-beta-dapp

Leave a Reply

Your email address will not be published. Required fields are marked *

X

JOIN OUR COMMUNITY

Telegram

JOIN

WHITEPAPER

© 2018 Colendi - All rights reserved.