Security · 5h ago
India's .bank domain mandate backfires as registry leaks sensitive data
India's central bank required banks to use .bank domains to boost trust, but the registry's open API exposed sensitive information like names, phone numbers, and email addresses of bank officials. The leak could enable attackers to impersonate bank staff. The flaw was discovered by security researchers and highlights risks in mandated domain systems.
Meridian48 take
The mandate aimed to improve security but instead created a centralized honeypot of sensitive data, underscoring how top-down tech policies can backfire without rigorous implementation.
Read the full reporting
India’s central bank mandated use of .bank domains to enhance trust – but its registry leaked sensitive info →
The Register
data-breachdomain-security