In the past few days, ICICI Bank has issued over 17,000 new credit cards, many of which have been incorrectly linked to incorrect customers across digital platforms. That is to say, because of this bug in the ICICI Bank 'iMobile' app, users might see information on other customers' credit cards. This information was released by the bank on Thursday, April 25.
According to a representative of ICICI Bank, the second-biggest lender in the nation, there have been no reports of any abuse incidents as a result of this miscalculation. Nonetheless, the bank has pledged to make up for the monetary loss if this occurs to any other users in the future.
Social media users informed the bank of this security lapse.
Since yesterday evening, a few customers of ICICI Bank's "iMobile" mobile banking app have notified the bank via social media about this security vulnerability. The bank has since fixed this issue, though. Just 0.1% of the bank's whole credit card portfolio is made up of the 17,000 credit cards.
17,000 credit cards have been stopped; users will receive new cards.
A bank representative declared, "We are taking immediate action to address this situation." All 17,000 of these credit cards have been stopped, and the impacted clients are getting new cards. We sincerely regret any inconvenience this has given our clients.
The bank released a statement in response to rumors that its iMobile app had a security hole that was affecting some users. Users were exposed to information about other customers' credit cards as a result of this vulnerability.
Large security hole in the iMobile app for ICICI Bank: Regarding this ICICI Bank security vulnerability, Sumant Mandal, the founder of Technofino and Credit Pedia, posted on social networking site X. 'Significant security vulnerability in ICICI Bank's iMobile application,' he wrote. Numerous consumers have expressed dissatisfaction at the visibility of information about other customers' ICICI Bank credit cards on their app.
'The other customer's international transaction settings may also be adjusted, and the app displays their full card number, expiration date, and CVV,' added Sumant Mandal. Anyone can exploit this information to perform foreign transactions extremely easily in such a case.
The RBI should examine ICICI Bank's security measures.
"I appeal to ICICI Bank to fix this problem as soon as possible," stated Sumantha Mandal. Additionally, the RBI is urged to examine ICICI Bank's security measures.
Sumantha uploaded screenshots of numerous individuals with this post. A user reported in these screenshots that he was able to conduct international transactions with the data obtained via the iMobile app, even with the OTP limitation on domestic transactions.
The RBI has taken action against Kotak Mahindra Bank the day before.
The RBI had already taken action against Kotak Mahindra Bank the day prior, which is when this news was released. Because Kotak Mahindra Bank consistently disregarded IT regulations, the RBI immediately prohibited the bank from accepting new clients through online and mobile banking as well as from issuing credit cards.