Saturday, 24 November 2018

Indian Mutual Fund Customer Data Is At Risk | Mutual Funds Vulnerability


Mutual funds in India are growing today, and most people are investing some part of their income through SIPs and lump-sum investments to build wealth for a better future. India has around 34 AMCs. When investing, users need to submit personal data (e.g. name, email, address, PAN, Aadhaar number) to the AMCs for the KYC process. Such critical customer details are valuable to cyber criminals, who can use them for fraud and other criminal activities.

I have also invested in a number of AMCs for better wealth in the future. While browsing the AMCs' applications, I found that the AMCs are not taking their security seriously, which is putting customers' data at risk.

During my research I was able to VIEW and MODIFY data (e.g. name, email, PAN card, Aadhaar number) of other users. I WAS EVEN ABLE TO RESET ANY USER'S PASSWORD WITHOUT ANY USER INTERACTION. (Tested on my relatives' account with their permission 😅)

For instance, below we can see the customer details.

I personally contacted many AMCs ethically regarding this issue, and they were able to fix it immediately, within a few days and hours, due to the criticality of the vulnerability :) In their responses they appreciated my efforts.

All the AMCs asked me what I wanted (I believe they thought I would demand some money), but I told them that, as a responsible person, I found this issue and informed them of it as feedback. After all, it is my duty to make the cyber world more secure.

I hope this post may force AMCs to open their eyes and improve security for their customers' data.
