According to cyber security firm CyberX9, a vulnerability in the server of Punjab National Bank (PNB) allegedly exposed the personal and financial information of its about 180 million customers for about seven months. The vulnerability provided access to the entire digital banking system of PNB with administrative control. Meanwhile, the bank has confirmed the glitch but denied any exposure of critical data.
The bank has confirmed about the glitch but denied any exposure of critical data due to the vulnerability. PNB said "customer data/applications are not affected due to this" and "server has been shut down as a precautionary measure."
CyberX9 founder and MD Himanshu Pathak said that that vulnerability was found in an exchange server which is interconnected with other exchanges and shares all access -- including access to all email addresses which results in access to all email addresses.
"The vulnerability which we discovered was leading to the highest level of admin privilege in PNB's exchange servers. If you gain access to Domain Controller through an exchange server then the doors very easily open to make any computer accessible in the network. These computers even include those that are being used in their branches and other departments," Pathak said.
Responding to the cyber security firm’s comment, PNB said, "The server wherein the vulnerability was reported, was being used as one of the multiple Exchange Hybrid servers used to route emails from On-prem to Office 365 Cloud. There is no sensitive/critical data in this server."
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
