InvestBank UAE hacked: credit cards and passports leaked

by Walt Upsey on May 9th, 2016

Hacking News » InvestBank UAE hacked: credit cards and passports leaked



Based on initial analysis of the leaked data, tens of thousands of customers have been compromised. The zipfile containst folders called "Account Master", "Customer Master" and "Branch Master" and consists of spreadsheets, PDFs and images (passport scans) taken from the internal database. One very interesting document titled "Cards" contains close to 20,000 credit card numbers while another holds over 3000 individual bank statements. Other interesting folders are "Investors", "Land Documents" and "Passports" containing scans of ID cards, passports, insurance cards and a customer photos.











According to BankInfoSecurity the actual amount of credit card data leaked is closer to 100,000 records. While credit card expiry dates are shown in clear text, passwords and PIN numbers appear to be encrypted, it reports.



The screenshots in this article were obtained by Xatrix Security from a reputable source. As you can see there are files with passwords to admin accounts and entire virtual machines (servers).











This leak comes roughly a week after a whistleblowing website called Cryptome released 1.4GB of data from Qatar National Bank (QNB) on April 25th 2016.



However, with InvestBank breach there is evidence the data has surfaced before. Last December a similar dataset was obtained from a Sharjah investment bank and was uploaded online by a hacker using pseudonym "Buba" after the bank refused to pay the extortion. According to The Daily Dot that release included financial records and transaction logs leaving 40,000 customers exposed. Furthermore, a significant amount of data appears to be from and prior to 2015. If these rumors are true it indicates that the breach may not be new and may be a re-extortion attempt by a separate hacking group.











This previous release also included financial records and transaction logs and, according to The Daily Dot, over 40,000 customers were left exposed. Furthermore, a significant amount of the data included in the release appears to be from 2015 or prior. Both of these facts indicate the breach may not be new and could simply be a re-publish by a separate hacking group.



The latest release was uploaded online by a group using the pseudonym "Bozkurt Hackers" - who many security experts suspected was also responsible for the QNB attack.



A Twitter account "Bozkurt Hackers" posted a link to the InvestBank dataset on May 6th 2016 saying "Full DB and files from InvestBank UAE" with a direct to the ZIP file.