India’s central bank mandated use of .bank domains to enhance trust – but its registry leaked sensitive info
Summary
India's central bank mandated the use of .bank domains for financial institutions to improve trust, but the registry for these domains has suffered a data leak. The leak exposed sensitive information, including API keys, that could be exploited for impersonation attacks.
IFF Assessment
The leak of sensitive information from the .bank domain registry is bad news for defenders as it provides attackers with the means to impersonate bank officials.
Defender Context
This incident highlights the importance of securing critical infrastructure like domain registries, even those designed for enhanced security. Defenders should be vigilant for potential phishing and impersonation attempts that leverage leaked information from such sources. Organizations using .bank domains should verify their security practices and monitor for any signs of compromise.