OK, so it's not only the Government websites that are getting hacked. According to a blog post published by Zsecure, a serious vulnerability was discovered in HDFC Bank's online platform that potentially allowed hackers to gain private information of HDFC Bank's customers.
Although it looks like the user information may not have landed in the wrong hands, the time taken by HDFC Bank to rectify this issue could literally border on a criminal act. The Zsecure guys intimated HDFC on the 17th of July (2 days after the vulnerability was found) and HDFC Bank took a full 22 days to fix this issue.
What was even worse is that they did not even respond to the Zsecure guys till the 8th of August!
HDFC Bank Vulnerability Information
- Website: www.hdfcbank.com
- Vulnerability Type: Hidden SQL Injection Vulnerability
- Database Type: MSSQL with Error
- Vulnerability Discovered: 15-July-2011
- Alert Level: Critical
- Threats: Complete Database Access, Database Dump, Shell Uploading
HDFC Bank Vulnerability Screenshots [User Information]
I have always regarded HDFC as one of the best banks in India, and also one that provides top-class online banking services. They are the ones who have the maximum online transactions of all the banks in India as well! It is a shame that such serious vulnerabilities exist and private user information is unsafe!