InvestBank UAE hack: Database Containing Credit Card Details and Passport Scans Leaks Online
A 10GB file has been published online that purports to hold sensitive financial data compromised from a bank in the United Arab Emirates (UAE). Based on initial analysis of the leaked dataset, the Zip file contains sensitive financial information on tens of thousands of customers of Sharjah-based InvestBank.
The released data includes folders called ‘Account Master’, ‘Customer Master’ and ‘Branch Master’ and mainly consists of spreadsheets, PDF files and images allegedly plundered from an internal database. One document, titled ‘Cards’, contains nearly 20,000 card numbers, while another holds over 3,000 individual bank statements – all watermarked with InvestBank logos.
Other notable files include ‘Investors’, ‘land documents’ and ‘passports’. In the latter folder, the files stored include scans of ID cards, passports, insurance cards and a number of corresponding customer pictures. At least one contains the full passport data of an InvestBank employee.
IBTimes UK is currently in the process of verifying the contents of the dataset.
According to BankInfoSecurity, which is also analysing the contents of the data dump, the actual amount of credit card data leaked – both Visa and Mastercard – is closer to 100,000 records. While related expiry dates are shown in clear text, passwords and PIN numbers appear to be encrypted, it reports.
The release comes roughly a week after 1.4GB-worth of sensitive financial information, containing data compromised from the Qatar National Bank (QNB), was leaked online and released in full by a whistleblowing website called Cryptome on 25 April.
However, with this latest breach, there is evidence the data has surfaced before. Last December, a similar dataset allegedly containing records from Sharjah-based InvestBank was uploaded to the internet after the bank refused to meet the extortion demands of a hacker using the name ‘Buba’. This previous release also included financial records and transaction logs and, according to The Daily Dot, over 40,000 customers were left exposed. Furthermore, a significant amount of the data included in the release appears to be from 2015 or prior. Both of these facts indicate the breach may not be new and could simply be a republication by a separate hacking group.
The latest release was uploaded online by a group using the pseudonym ‘Bozkurt Hackers’, which many security experts suspected was also responsible for the QNB attack. Indeed, one member of the hacking group previously told IBTimes UK: “We are the ones who hacked the Qatar National Bank – and more.” However, no solid proof was ever provided.
However, not everyone is convinced the so-called Bozkurt Hackers are a legitimate group of cybercriminals. Mark Arena, chief executive officer of cybersecurity firm Intel 471, told IBTimes UK: “There have been a number of previous occasions where prior leaked compromised data has been re-released by another group in order to achieve online fame and we believe this is the case with the Bozkurt Hackers group and these two incidents.”
Arena added: “Bozkurt Hackers have made a number of claims including having breached the Qatar National Bank (QNB) and now the Sharjah-based InvestBank. Both these organisations have had compromised data leaked online well before Bozkurt Hackers has claimed credit. We believe the Qatar National Bank was compromised by a Russian speaking actor and not at all linked with the apparently Turkey-based Bozkurt Hackers.”
A Twitter account using the name Bozkurt Hackers posted a link to the InvestBank dataset on 6 May. The post said “Full DB and files from InvestBank UAE” and was accompanied by a direct link to the Zip file.
Source | IBTimes