Security vulnerability exposed in India's .bank.in domain registration portal
UNVERIFIED·Primary source · The Register
A security researcher discovered that the IDRBT portal for .bank.in domains exposed sensitive data via unauthenticated REST APIs.
Data of over 5,500 bank employees, including credentials and contact info, was potentially accessible.
The vulnerability persisted for 13 months before being fixed in June 2026.
Key Facts
01
01 — What / Thesis
Security vulnerability exposed in India's .bank.in domain registration portal
02
02 — Who / Subject
IDRBT (Institute for Development and Research in Banking Technology)
03
03 — Where / Locus
India
04
04 — When / Temporality
Early June 2026
AI Verification Note
This article is generated by cross-referencing multiple sources and official announcements. Parts relying solely on testimony or reporting are reflected in the confidence score; content and assessment are updated as new information is confirmed.
