HDFC Bank, one of the top private banks in India, and TimesofMoney, India’s leading digital payment service provider owned by Times Group Company, appear to have a serious vulnerability in their websites that leaves the underlying databases open to attack. A group called zSecure Team has warned both providers about a critical SQL injection vulnerability on their websites which, if exploited, could give an attacker access to the banking website’s entire database, which may contain huge amounts of confidential personal and financial data of the customers.

According to a report by The HackerNews, the zSecure group claims that this vulnerability may prove very critical for the company, because TimesofMoney is one of India’s leaders in e-payment gateway systems and its service is used by many Indian banks. The existence of such a critical flaw in the company’s website may seriously damage the company’s reputation and may also raise serious security concerns about the service.

TimesofMoney and HDFC Bank Vulnerable to Website database Hack Attack

The group has also discovered a similar vulnerability in HDFC Bank’s website and says it has informed the companies about this. It left a message saying: “We discovered alike vulnerability in HDFC Bank’s Website as well and issued them a similar advisory. But even after a couple of weeks of sending our advisory to the bank, the said vulnerability is still open for outside attacks. If the said vulnerability doesn’t get fixed by the bank at the earliest then our next post may disclose that concerned vulnerability publicly. We hope that both the companies (timesofmoney and HDFC Bank) will take immediate actions to fix the reported vulnerabilities.”

Hopefully, following this exposure by the zSecure group, these companies will fix these vulnerabilities in time and also implement more security measures on their websites to prevent any future hacking attacks.

Do comment your views on this report.
