A Trove of data has been found circulating online — Hackers claim it belongs to the UAE Investment bank! The data includes credit card details and passport information.
A data file that shows and holds sensitive financial data has been published. The data, 10GB in size, was published online and seems to have been taken from a bank that is in the United Arab Emirates. The Zip file for first analysis shows that the financial information is from tens of thousands of customers with the InvestBank, which is based in Sharjah.
It is unclear if the data is legit, however, investigation has been launched
The released data shows that there are folders which are called ‘Account Master,’ ‘Customer Master’, and ‘Branch Master.’ It also shows and mainly consists of spreadsheets, some PDF files and some images which are from the internal database of the bank. Also on the document is another folder titled ‘Cards’ and it shows and contains around 20,000 card numbers, and another folder contains 3,000 individual bank statements. All of the statements are earmarked with the logo of the bank, InvestBank.
On the leaked database, some of the files to take note of are the ‘Investors’ folder together with the ‘land documents’, and the ‘passports’ folder. In the ‘passports’ folder, the files contained show ID card scans, passports, insurance cards and a host of other customer corresponding pictures. At least only one of the pictures clearly shows the full data of one of the InvestBank employees.
BankInfoSecurity, a security company, is trying to analyze the documents so as to see the actual amount of data leaked. They want to ascertain the amount of credit cards, which is thought to be closer to 100,000 at the moment for both Visa and MasterCard. At least pin codes and passwords are said to be encrypted at this point though related expiration dates are clearly visible.
The data release is the second in as many weeks after the Qatar National Bank was also hacked and sensitive financial information from the bank 1.4GB in size was leaked online. The data was released by a whistleblowing website called Cryptome on the 25th of April.
The new release, however, shows that this dataset has been released before. In December 2015, one such similar dataset was released which allegedly contained records from the Sharjah-based InvestBank. The data surfaced after they had refused to meet the ransom demands of a hacker who is named ‘Buba’. According to reports from 40,000 customers were exposed due to that particular leak and it involved things such as financial records and transaction logs. Also, a big chunk of the data seemed to be from 2015 or prior. This means the new set of data released online now might just be a rerun of the old data that was already published before.
The new release was uploaded by a group known as the Bozkurt Hackers, who are widely thought to be responsible for the Qatar National Bank attack also. In fact, one of the group’s members previously told reporters that, “We are the ones who hacked the Qatar National Bank – and more.” No proof was ever given though to show they were responsible for the hack.
Bozkurt Hackers might be doing all of this but not everyone is convinced they are a legitimate group of cyber criminals. Chief executive at cybersecurity firm Intel471, Mark Arena said that in previous cases hacked data was said to be reposted online by another group of hackers so that they could get online fame. This is what he believes the group is doing as they try to get word about their group out there, and the two incidents of the InvestBank clearly show that.
— #BozkurtHackers (@bozkurt_turk_) May 5, 2016
He also goes on to say that the two targets that Bozkurt Hackers claim to have breached, Qatar National Bank and InvestBank, have all been hacked before and therefore they can easily repost the dataset. He believes that the Qatar National Bank was rather hacked by a Russian-speaking hacker and not in any way linked to the Turkey-based Bozkurt Hackers.
One Twitter account which is affiliated with the name Bozkurt Hackers posted a link to the dataset they apparently hacked into from InvestBank UAE. The link was accompanied with a direct link to the Zip file.
Stay tuned, we will update this article as more info come by!