KCB Hacked! Massive data breach as 500,000 customer details, including their names and phone numbers appear online

2753

Burundian Programmer Exposes KCB System Security Flaw As Customer Details Emerge Online. Kenya Commercial Bank, one of Kenya’s largest banks by customer numbers, appears to have suffered a massive data breach as a file with the details of more than 500,000 customers, including their names and phone numbers appeared online. Chris explains that the data was collected from an ‘information leakage vulnerability’, where a flaw in the KCB app gave him access through a Python injection to sensitive data, including the technical details of the Web application, environment, or specific data of the user.

KCB 500000 accounts user information hacked database
KCB 500000 accounts user information hacked database

These revelations come as KCB customers report unsolicited text messages reportedly coming from the bank offering loans at low interest rates.
cuzp_bjxyaakaru

cuznecqxgaaaovi

While the bank has taken steps to alert customers about potential fraud through the text messages, this vulnerability could explain how the customer data was obtained in the first place.

KCB Has responded to the claims saying all customer data is safe.


KCB has released the following statement

KCB Group allays concern on alleged data breach

KCB Group is aware of claims of an alleged data breach in one of its systems.

An investigation points to malicious misinformation that has caused concern amongst some of our customers. The alleged customer data breach has been found to be false.

We wish to assure all our customers that our platforms and data are highly secured. KCB Group systems including the mobile App have been extensively tested and validated by our internal and the best external data security experts. Multiple layers of encryption, private keys and unique authentication are among the key embedded data security features that safeguard our mobile app.

There is no breach to our systems.

The bank is working with the relevant authorities to take the necessary legal action against the parties who originated this misinformation.

Our commitment as a trusted partner is to continually offer secure and best in class banking experience using new technology.

 

Please like our Facebook page