Burundian Programmer Exposes KCB System Security Flaw As Customer Details Emerge Online

Kenya Commercial Bank, one of Kenya’s largest banks by customer numbers, appears to have suffered a massive data breach as a file with the details of more than 500,000 customers, including their names and phone numbers, appeared online.

Chris explains that the data was collected through an ‘information leakage vulnerability’: a flaw in the KCB app that gave him access, through a Python injection, to sensitive data, including the technical details of the Web application, environment, or specific data of the user.
While the bank has taken steps to alert customers about potential fraud through text messages, this vulnerability could explain how the customer data was obtained in the first place.
KCB has responded to the claims, saying all customer data is safe.
@iafrikan KCB Bank is aware of claims of data breach in one of our systems. All our Customers’ data and platforms are safe.
— KCB Group (@KCBGroup) October 20, 2016
KCB has released the following statement:
KCB Group allays concern on alleged data breach
KCB Group is aware of claims of an alleged data breach in one of its systems.
An investigation points to malicious misinformation that has caused concern amongst some of our customers. The alleged customer data breach has been found to be false.
We wish to assure all our customers that our platforms and data are highly secured. KCB Group systems including the mobile App have been extensively tested and validated by our internal and the best external data security experts. Multiple layers of encryption, private keys and unique authentication are among the key embedded data security features that safeguard our mobile app.
There is no breach to our systems.
The bank is working with the relevant authorities to take the necessary legal action against the parties who originated this misinformation.
Our commitment as a trusted partner is to continually offer secure and best in class banking experience using new technology.