This incident highlights a serious issue regarding declining coding standards and poor coding practices among IT service providers. This reminds me of the "NatWest Bank incident", wherein customers fund transfers were left suspended and no one knew what happened to them because of a software glitch. Everyone blames poor coding practices for this.
Perhaps SBI should've outsourced its portal development to more a more reputable company. But, it is the developers responsibility to ensure that all security holes are plugged.