HDFC Bank gets Hacked – Takes 22 days to fix it!!!


OK, so it's not only Government websites that are getting hacked. According to a blog post published by Zsecure, a serious vulnerability was discovered in HDFC Bank’s online platform that potentially allowed hackers to gain private information of HDFC Bank’s customers.

Although it looks like the user information may not have landed in the wrong hands, the time taken by HDFC Bank to rectify this issue could literally border on a criminal act. The Zsecure guys intimated HDFC on the 17th of July (2 days after the vulnerability was found), and HDFC Bank took a full 22 days to fix this issue.

What is even worse: they did not even respond to the Zsecure guys till the 8th of August!

HDFC Bank Vulnerability Information

  • Website: www.hdfcbank.com
  • Vulnerability Type: Hidden SQL Injection Vulnerability
  • Database Type: MSSQL with Error
  • Vulnerability Discovered: 15-July-2011
  • Alert Level: Critical
  • Threats: Complete Database Access, Database Dump, Shell Uploading

HDFC Bank Vulnerability Screenshots [User Information]


[More screenshots here]

I have always regarded HDFC as one of the Best Banks in India, and also one that provides top-class online banking services. They are the ones who have the maximum online transactions of all the banks in India as well! It is a shame that such serious vulnerabilities exist and private user information is unsafe!

8 Comments
  1. Mitesh Muley says

    I would have never thought that HDFC bank would have such kind of security flaw.

  2. Chandrakant Deshmukh says

    This is really a serious issue for customers like us. Hidden SQL Injection Vulnerabilities can be avoided with proper testing with various online platforms. It is much assumed that HDFC is serious about customer data security and taking additional measures to secure it. Unfortunately, such incidents shake customers' confidence.

    Thanks for sharing this info!

  3. Kishori Ray says

    I am always skeptical about online banking, thus I never entered it.
    There are many hacking lessons on YouTube, Orkut and all over the net. No one bothers to flag them or report them. I am just wondering each time I take money from the ATM when it is going to get hacked. The internet was never and will never be a safe place for any kind of confidential information; best is to avoid online banking altogether.

  4. Aman Gupta says

    O.o :O obc!

  5. Sumit Ghosh says

    Wow! This shows how serious Indian Banks are about customers' data and security.

  6. Robinsh Kumar says

    I am also a frequent user of HDFC Bank online services for shopping and other payments, so it's also hacked – we are using a risky business but there is no other option to choose, and anyone can go under hackers' attack because it's normal now.

    Thanks for putting this Information.
    at our screen!

  7. Vaibhav Deshpande says

    this sucks :.

    1. Vikrant Malik says

      obc :|
