Ethical Hacking News

The .bank Domain Debacle: A Cautionary Tale of Security Breaches and Vulnerabilities


India's central bank mandated the use of .bank domains to enhance trust, but a recent security breach exposed sensitive information, raising concerns about the effectiveness of the initiative. The breach highlights the need for robust security measures in the financial sector, particularly when introducing new initiatives like .bank domains.

  • The Reserve Bank of India mandated the use of .bank domains to enhance trust among citizens, but a recent security breach has exposed sensitive information.
  • A security researcher discovered that the IDRBT Domain Registration Portal left its entire REST API unsecured, exposing bcrypt password hashes and other personal data of bank employees.
  • 80% of registered .bank.in domains don't use DNSSEC, a critical security protocol, while 40% don't employ DMARC email security protocols.
  • The IDRBT portal went live without a proper security audit and ran without secure APIs for 13 months, leaving it vulnerable to exploitation.
  • Attackers may have accessed senior bank staff credentials, enabling various forms of attacks like DNS spoofing and phishing.


    India's central bank mandated the use of .bank domains to enhance trust among citizens, but a recent security breach has exposed sensitive information, raising concerns about the effectiveness of the initiative. The Reserve Bank of India created the .bank.in subdomain in 2025, requiring all local banks to register for and use a bankname.bank.in domain, a measure designed to prevent phishing attacks and make it harder for scammers to impersonate bank officials.

    The entity chosen as the sole registrar of the subdomains, the Institute for Development and Research in Banking Technology (IDRBT), botched the job, leaking sensitive data. A security researcher, Srikanth L, alleged that the IDRBT Domain Registration Portal exposed its entire REST API via 33+ unauthenticated endpoints, allowing anyone with basic programming skills to retrieve bcrypt password hashes, mobile numbers, email addresses, login IPs, and device fingerprints of all 5,576 bank employees trusted with managing India's banking domains.

    The breach was discovered by Srikanth L, who accessed the portal's APIs and found evidence that some Indian banks host websites on shared servers in the United States, Singapore, and Lithuania. He also found that 80 percent of registered .bank.in domains don't use DNSSEC, a critical security protocol that verifies senders' identity, while 40 percent don't employ DMARC email security protocols. Furthermore, many domains are secured with free Let's Encrypt certificates.
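    The DNSSEC and DMARC coverage figures above are the kind of measurement a bank's own team can reproduce for the domains it operates. The sketch below is an added example, not code from the researcher or from IDRBT: it classifies each domain from its DS record set and the TXT records at _dmarc.<domain>, then reports the share lacking each control. The domain names and record values are constructed, and a real run would obtain them from DNS lookups.

```python
# Added example: offline DNSSEC/DMARC audit over CONSTRUCTED records.
# A real run would fetch each domain's DS record set (from the parent zone)
# and the TXT record set at _dmarc.<domain> with a DNS resolver.
SAMPLE = {  # hypothetical domains and record values, constructed for this example
    "alpha.example":   {"ds": ["2371 13 2 0A1B2C"], "dmarc_txt": ["v=DMARC1; p=reject"]},
    "bravo.example":   {"ds": [], "dmarc_txt": ["v=DMARC1; p=none; rua=mailto:r@bravo.example"]},
    "charlie.example": {"ds": [], "dmarc_txt": []},
    "delta.example":   {"ds": [], "dmarc_txt": ["v=DMARC1; p=none", "v=DMARC1; p=reject"]},
    "echo.example":    {"ds": [], "dmarc_txt": ["v = DMARC1 ; p = Quarantine"]},
}

def _tags(record):
    """Split 'k=v; k=v' into ordered (key, value) pairs, tolerating whitespace."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return [(k.strip().lower(), v.strip()) for k, v in pairs]

def dmarc_status(txt_records):
    """Classify the TXT records at _dmarc.<domain>."""
    # Only records whose first tag is v=DMARC1 count as DMARC records.
    recs = [t for t in map(_tags, txt_records) if t and t[0] == ("v", "DMARC1")]
    if not recs:
        return "missing"
    if len(recs) > 1:  # RFC 7489: more than one record means no policy applies
        return "invalid"
    policy = dict(recs[0]).get("p", "").lower()
    if policy in ("quarantine", "reject"):
        return "enforcing"
    # Simplification: a missing or unknown p= is reported as invalid.
    return "monitor-only" if policy == "none" else "invalid"

def audit(zones):
    """DS present = signed delegation (necessary for DNSSEC, not proof of a valid chain)."""
    return {d: {"dnssec": bool(r.get("ds")), "dmarc": dmarc_status(r.get("dmarc_txt", []))}
            for d, r in zones.items()}

def summary(rows):
    """Percentage of domains lacking each control, plus those with p=none only."""
    n = len(rows)
    no_dnssec = sum(not r["dnssec"] for r in rows.values())
    no_dmarc = sum(r["dmarc"] in ("missing", "invalid") for r in rows.values())
    monitor = sum(r["dmarc"] == "monitor-only" for r in rows.values())
    return {"no_dnssec_pct": 100 * no_dnssec // n,
            "no_dmarc_pct": 100 * no_dmarc // n,
            "monitor_only_pct": 100 * monitor // n}

if __name__ == "__main__":
    rows = audit(SAMPLE)
    for domain, r in rows.items():
        print(f"{domain:18} dnssec={r['dnssec']!s:5} dmarc={r['dmarc']}")
    print(summary(rows))
```

    A domain that publishes only p=none is counted separately because it has a DMARC record but asks receivers to take no action on failing mail.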

    The IDRBT portal went live without a proper security audit and ran without secure APIs for 13 months, leaving it vulnerable to exploitation. Srikanth L disclosed his findings in early June and claimed that the exposed information would help security researchers understand the extent of Indian banking infrastructure, potentially allowing them to identify vulnerabilities and improve security measures.

    However, the open API means that attackers may have accessed and used credentials of senior bank staff, enabling various forms of attacks, including DNS spoofing and phishing. The Reserve Bank of India and IDRBT appear not to have made a public comment on the matter, sparking concerns about their response to the breach.

    The incident highlights the need for robust security measures in the financial sector, particularly when introducing new initiatives like .bank domains. It also underscores the importance of regular security audits and testing to prevent such breaches. As the financial industry continues to evolve, it is essential that regulatory bodies and organizations prioritize security and transparency to protect citizens' sensitive information.

    In conclusion, the .bank domain debacle serves as a cautionary tale about the risks associated with insecure systems and the need for robust security measures in the financial sector. The incident highlights the importance of regular security audits, testing, and transparency in preventing such breaches and protecting citizens' sensitive information.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-bank-Domain-Debacle-A-Cautionary-Tale-of-Security-Breaches-and-Vulnerabilities-ehn.shtml

  • https://www.theregister.com/security/2026/06/30/indias-central-bank-mandated-use-of-bank-domains-to-enhance-trust-but-its-registry-leaked-sensitive-info/5264152


  • Published: Wed Jul 1 08:30:04 2026 by llama3.2 3B Q4_K_M