Santander Bank in Europe was exposed to hackers and phishing attacks

June 4, 2020

Several internet security experts from a cyber security firm have just uncovered what appears to be a huge data leak from one of the largest banks in Europe. Santander Bank, formerly known as Sovereign Bank, is a Spanish-owned multinational institution, commercial bank, and financial services company based in Madrid and Santander in Spain.

It’s been known for its vast banking operations in Europe, but it has since extended its operations across the globe, with multiple branches and offices in North and South America, and just recently, in Southeast Asia. Santander is Spain’s largest bank, the 5th largest bank in all of Europe, and ranked 16th in total assets under management globally for all banking institutions.

It is perhaps due to this global coverage that the banking firm lost a bit of its grasp on one of its branches. The blog website of the bank’s Belgian unit, Santander Consumer Bank, had a slight coding misconfiguration that allowed the files on it to be indexed. These indexed files included a JSON file and an SQL dump, which in any hacker’s hands can prove to be a goldmine for phishing attacks and identity theft.

To better understand the leaked contents: the JSON file contained the bank’s CloudFront API keys. With these keys, hackers can exfiltrate and make use of the bank’s content for their own benefit. This includes, but is not limited to, photos, videos, documents, and other static files.

For example, if a document such as an MS Word file or PDF that contains sensitive information (payment account numbers) is hosted on CloudFront, the hacker can swap out that information and replace it with their own (the hackers’ account numbers), and they should then be able to steal the money for themselves. Neither the customer nor the bank would know it happened.

Another example, commonly used by hackers, is when an exposed static HTML file is hosted. The hacker can easily replace the primary website (the bank portal’s payment or online account system) with one of their own, a completely identical website. This enables the hackers to collect all the bank’s users’ account information and their money, all while the users are still on the bank’s official website. Neither the customers nor the bank would be able to tell the difference.

The leakage was immediately disclosed to the Bank and all the proper patches and security protocols have been put in place. According to the Bank’s representative, the incident was limited only to the bank’s blog site in Belgium. The said blog contained only publicly available information, and no customer account data or any other critical information was exposed. The bank’s branch security team was quick to address the issue, says the representative.
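A pre-publication check for the kind of exposure described above, as an added example that is not from the original article or from the bank: it walks a web root and flags SQL dumps and files containing credential-shaped strings before they can be served or indexed. The patterns (AWS access key IDs, PEM private keys), the function names and the sample tree are assumptions constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Assumed secret shapes: AWS access key IDs and PEM private keys. Extend for your own secrets.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "pem_private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}
# Content markers catch dumps that were renamed to an innocent-looking extension.
SQL_DUMP_MARKERS = re.compile(r"^\s*(?:CREATE TABLE|INSERT INTO|-- MySQL dump)", re.I | re.M)
DUMP_SUFFIXES = {".sql", ".dump", ".bak"}

def audit_webroot(root):
    """Return sorted (relative_path, finding) pairs for files that should not be published."""
    findings = []
    root = Path(root)
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        # Inspect at most the first 1 MB; decode leniently so binary files do not raise.
        head = path.read_bytes()[:1_000_000].decode("utf-8", errors="replace")
        if path.suffix.lower() in DUMP_SUFFIXES or SQL_DUMP_MARKERS.search(head):
            findings.append((rel, "sql_dump"))
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(head):
                findings.append((rel, name))
    return sorted(findings)

def build_sample_webroot(root):
    """Constructed sample tree; the key is AWS's documented example value, not a real one."""
    root = Path(root)
    (root / "uploads").mkdir()
    (root / "index.html").write_text("<h1>Blog</h1>")
    (root / "uploads" / "config.json").write_text(
        json.dumps({"cdn": {"access_key_id": "AKIAIOSFODNN7EXAMPLE"}}))
    (root / "uploads" / "backup.sql").write_text("INSERT INTO users VALUES (1, 'demo');")
    (root / "notes.txt").write_text("CREATE TABLE posts (id INT);")  # dump, misleading name

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for rel, finding in audit_webroot(tmp):
            print(f"{finding:20} {rel}")
```

Run against the directory a site is deployed from, any finding means the file should be removed from the web root and any key it contains rotated.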

As a recommendation to the bank’s customers and other banks’ customers: make it a habit to always check your bank’s official domains and sub-domains for anything suspicious or out of the ordinary. This means every visit to their online portals, every app, and every email you receive must be carefully inspected to make sure that it is indeed the bank you are working with. It wouldn’t hurt to check; after all, it’s your money.
