Critical financial and personal information of 180 million Punjab National Bank (PNB) customers was at risk for around seven months due to a vulnerability in the lender's servers, said cybersecurity firm CyberX9. The vulnerability provided access to the entire digital banking system of the bank with administrative control, the agency claimed.
Meanwhile, PNB confirmed that its servers had a glitch, but assured that no critical data was exposed due to it. PNB stated “customer data/applications are not affected due to this" and “server has been shut down as a precautionary measure."
“Punjab National Bank kept severely compromising the security of funds, personal and financial information of over 180 million (all) its customers for about the last 7 months. PNB only woke up and fixed the vulnerability when CyberX9 discovered the vulnerability and notified
PNB through CERT-In and NCIIPC," CyberX9 founder and MD Himanshu Pathak told PTI.
CyberX9 research team discovered a very critical security issue in PNB which was leading to admin access to internal servers hence exposing a massive number of banks' systems nationwide open for cyber-attacks for the last about seven months, Pathak said.
He added that vulnerability was found in an exchange server interconnected with other exchanges and shares all access, including access to all email addresses which results in access to all email addresses.
“The vulnerability which we discovered was leading to the highest level of admin privilege in PNB's exchange servers. If you gain access to Domain Controller through an exchange server then the doors very easily open to make any computer accessible in the network," Pathak said.
“These computers even include those that are being used in their branches and other departments," he further added.
Meanwhile, PNB assured that the affected server had no sensitive or critical data. The bank denied CyberX9's claim on the threat to customer's data due to the vulnerability.
Source: Livemint
No comments:
Post a Comment