Several internet security experts from a cyber security firm has just uncovered what appeared to live a huge data leakage from one of the largest banks in Europe. Santander Bank, formerly known as sovereign Bank, is a Spanish-owned multinational institution, commercial bank, and financial services troupe based in Madrid and Santander in Spain.
It�s been known for its vast banking operations in Europe, but it has since extended its operations across the globe, with multiple branches and offices in North and South America, and just recently, in Southeast Asia. Santander is Spain�s largest bank, the 5th largest cant in all of Europe, and ranked 16th in total assets under management globally for all banking institutions.
It is perhaps due to this global coverage that the banking firm has somehow lost a fleck of its grasp on ace of its branches. The bank�s Belgian unit, Santander Consumer Bank, just had a slight coding misalignment in its blog website which readily allowed for the files in it to be indexed. These indexed files included a JSON file and an SQL dump, which in any hacker�s hand can prove to be a goldmine, if we mouth about phishing attacks and identity theft.
To break understand the contents of the leaked contents, the JSON file has in it the Bank�s Cloudfront API Keys. With these keys, hackers can exfiltrate and piddle use of the bank�s contents for their have benefit. These include, but not limited to photos, videos, documents, and other static files.
One lesson is if a document, let�s say an MS-Word file or PDF that contains sensitive information (payment account numbers) is hosted on Cloudfront, the hacker can just switch out that information and replace it with one of their own (hackers� account numbers) and they should be able to steal the money for their own. The customer or even the bank wouldn�t know it happened.
Another example, commonly used by hackers, is when an exposed static HTML file is hosted. The hacker can easily replace the primary website (bank portal�s payment or online account system) with i of their own, a completely identical website. This will enable the hackers to collect all the bank�s users� account information and their money. All of this, while allay on the bank�s official website. Both the customers and the bank wouldn�t be able to recount the difference.
The leakage was immediately disclosed to the bank and all the proper patches and security protocols experience been put in place. According to the Bank�s representative, the incident was limited only to the bank�s blog site in Belgium. The said blog contained only publicly available information, and no customer account data or any other critical information was exposed. The bank�s fork certificate team was quick to call the issue, says the representative.
As a recommendation to the bank�s customers and other bank�s customers, puddle it a use to always chequer your bank�s official domains and sub-domains for anything suspicious or out of the ordinary. This means every visit to their online portals, every app, and every email you receive must be carefully inspected to pee-pee sure that it is indeed the bank you are working with. It wouldn�t harm for you to check, after all, it�s your money.
