One of India’s premier banking institutions, the Housing Development Finance Corporation Limited, popularly known as the HDFC bank has reported suffered a hack affecting its customer database system. Citing a threat of a critical level was discovered on the 15th July, 2011 by team zSecure. News of the vulnerability was immediately notified to the bank by the zSecure team through an email. A vulnerability called - Hidden SQL Injection Vulnerability had apparently gripped HDFC's bank's customer database. According to the blog post by zSecure, the vulnerability allowed the hackers to have total control of the information they wished to plunder. Hackers could create a dump and easily carry out shell uploading, too.
The affected database (Image credit: zSecure)
The post further revealed that the mail notifying the bank of the critical vulnerabilities was replied to, a good 22 days later. Furthermore, the reply mail stated that they (HDFC bank) had looked into the vulnerability and had fixed it, which later was proved to be a false claim. A reply to the second mail read, "We have remediated all the vulnerability reported on our website. Also we have got the application vulnerability assessment performed through one of our third party service provider and they confirmed that there are no more SQL Injection vulnerability."
The zSecure post ended with an optimistic - ".....finally the vulnerable file was removed from HDFC’s web-server."
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
