1. This isn't fake. 2. Credentials are stored as hashes. It should be literally, with no exagger...

Summary

A security researcher has flagged HSBC India for apparently storing customer credentials in plaintext rather than as cryptographic hashes, a fundamental security violation. The finding suggests the bank may have direct access to customer passwords, which should be technically impossible if proper password hashing were implemented. This represents a critical identity and access control failure at a major financial institution.