Ok – so its not only the Government websites that are getting hacked. According to a blog post published by Zsecure – A serious vulnerability was discovered in HDFC Bank’s online platform, that potentially allowed hackers to gain private information of HDFC Bank’s customers.
Although, it looks like the user information may not have landed in wrong hands – the time taken by HDFC Bank to rectify this issue could literally border on a criminal act. Zsecure guys intimated HDFC on the 17th of July (2 days after the vulnerability was found) and HDFC Bank took full 22 days to fix this issue.
What was even worst is – They did not even respond to Zsecure guys till 8th of August!
HDFC Bank Vulnerability Information
- Website: www.hdfcbank.com
- Vulnerability Type: Hidden SQL Injection Vulnerability
- Database Type: MSSQL with Error
- Vulnerability Discovered: 15-July-2011
- Alert Level: Critical
- Threats: Complete Database Access, Database Dump, Shell Uploading
HDFC Bank Vulnerability Screenshots [User Information]
[More screenshots here]
I have always regarded HDFC as one of the Best Banks in India, and also the one who provide top class online banking services. They are the ones who have maximum online transactions of all the banks in India as well! It is shame that such serious vulnerabilities exists and private user information is unsafe!
I would had never thought that HDFC bank would have such kind of security flaw.
This is really a serious issue for customers like us. Hidden SQL Injection Vulnerabilities can be avoided with proper testing with various online platforms. It is much assumed that HDFC is serious about customer data security and taking additional measures to secure it. Unfortunately such in incidents shake customer's confidence.
Thanks for sharing this info!
I am always skeptical about online banking, thus I never entered it.
There are many hacking lessons on youtube, orkut and allover the net. No one bothers to flag them or report them. I am just wondering each time when I take money from the ATM when is going to get hacked.The internet was never and will be never a safe place for any kind of confidential information, best is to avoid online banking altogether.
O.o :O obc!
wow! This shows how serious are Indian Banks about customer's data and security.
I am also the frequent user of HDFC Bank online services for shopping and other payments, so it's also hacked – we are using a risky business but there is no other option to choose, and anyone can go under hackers attack bcoz it's normal now.
Thanks for putting this Information.
at our screen!
this sucks :.
obc :|