Security is one of the most important concerns for online portals, especially for banks. HDFC Bank, one of the largest banks in India, was the victim of one such security issue.
The customer database of HDFC Bank was hacked, and it took the bank 22 days to respond to such a critical situation. A few days earlier, we saw CCAvenue being hacked; now it was HDFC Bank's turn.
According to zSecure, the hackers were able to access the entire HDFC database, which is very sensitive. The database had a critical SQL injection vulnerability, which the hackers were able to exploit.
The vulnerability was seen on 15-July-2011, and the issue was finally fixed after 22 days. Taking so much time to fix such an issue shows, we would say, carelessness.
The details are as follows:
- Website: www.hdfcbank.com
- Vulnerability Type: Hidden SQL Injection Vulnerability
- Database Type: MSSQL with Error
- Vulnerability Discovered: 15-July-2011
- Alert Level: Critical
- Threats: Complete Database Access, Database Dump, Shell Uploading
- Current status: Fixed.