Indian HDFC Bank deposits millions in customers’ accounts by mistake. Hacking incident or just a software flaw?

Last weekend, HDFC Bank clients received a message showing a non-exact balance in their accounts, making them believe they had received a huge amount of money for free, even toping Rs 130 million.

The incident was informed to Chennai Police by a concerned customer, as he feared his bank account could have been breached by malicious parties. Local authorities contacted the client’s branch managers, who late explained that transfer notification messages were wrongly sent to multiple users, causing confusion and requiring a software patch.

Eventually, dozens of users began making social media posts about the incident: “My HDFC Bank account showed a balance of Rs 2.4 million yesterday morning,” a customer of the banking institution said via Twitter.

After multiple complaints, the bank’s official account on Twitter started a customer service process through the social platform:

At the time of writing, nearly 100 accounts affected by this strange security incident were known. Most of the error messages showed a balance of Rs 130 million, although the alleged amounts paid varied between the different users affected.

In an update published a few hours later, a representative of the bank confirmed that everything was due to a technical failure during a routine maintenance process to the bank’s computer systems, completely ruling out the hypothesis of a cyberattack, which had feared hundreds of customers. 

Bank employees took additional measures, such as temporarily blocking the affected accounts: “There was no money deposited in these accounts, but to be sure, we restricted movements until the problem was fixed,” the spokesperson added.

By Monday morning, the bank had already reinstated restricted features for 80% of affected users. HDFC Bank will publish a supplementary report once the investigations are concluded.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.