Report Top European bank Santander leaks sensitive data on website that could help phishing campaign

Press Release

Report: Top European bank Santander leaks sensitive data on website that could help phishing campaigns

OpinePR 🎯 The cybersecurity analysts at CyberNews ( – a leading cybersecurity news and analysis website) have discovered that Santander, the 5th largest bank in Europe and the 16th largest in the world, was leaking sensitive company data due to a misconfiguration on its website. The bank controls approximately $1.4 trillion in total assets globally and has a $69.9 billion total market capitalization on the Euro Stoxx 50 stock market index.

We discovered that Santander’s Belgian branch, Santander Consumer Bank, has a misconfiguration in its blog domain that allowed for its files to be indexed. The indexed files include an SQL dump and a JSON file that can be used by hackers to phish Santander’s bank customers.

The JSON file contained Santander’s Cloudfront API keys. By getting these keys, hackers can swap out Santander’s real content – images, videos, documents and other static files – for their own. This means that:

· if a PDF or Word document was hosted on Cloudfront, and this document contained sensitive information – such as what accounts a customer should send money to – then the hacker would be able to switch that document out with their own version. In that way, they’d be able to change the real account number to his own, and thereby steal the customer’s money.

· if a static HTML file was hosted, then the hacker would be able to switch that out with an entire webpage, allowing them to create a phishing page to steal the user’s financial information, all while on Santander’s official Belgian domain.

We notified Santander of the misconfiguration immediately on April 15, and they seem to have fixed it now. When asked for comment, a Santander Consumer spokesperson said:

“The incident highlighted relates specifically to the Santander Consumer Bank Belgium blog only. The blog contains only public information and articles, and therefore no customer data or critical information from the blog has been compromised. Our security team has already fixed the issue to ensure the blog is secure.”

Senior Researcher Bernard Meyer provides the following recommendation: “For Santander’s customers, as well as all other banking customers, we’d recommend that you always check the domain and subdomain that a suspicious bank email is sending you to. Make sure that the domain is the bank’s real domain, but also know that important financial information requests would never be hosted on the blog subdomain of a bank.

For further details of the discovery and an in-depth look at the misconfiguration, visit the article here:

For further information contact:

CyberNews -

About CyberNews provides the latest tech news and analysis to guide its global readers through the ever-expanding land of technology, and particularly to help them navigate the risks from hackers, malware and misuse of personal data.


@OpinePR is a Targeted Press Release Distribution Service of @OpineMediaGroup - submit Press Releases to: