SecurityWeek
InvestBank Says Leaked Data is From Old Breach

The hacker group that claimed responsibility for stealing and dumping 1.5 GB of data from the Qatar National Bank has now claimed responsibility for a 10 GB dump supposedly stolen from the Sharjah-based InvestBank. This was not unexpected, following hints last week that such a dump was imminent.

The group calling itself Bozkurt Hackers tweeted on 6 May, “Full DB + files from InvestBank UAE” along with a link. Although the shortened link in the tweet has been disabled (for violation of the URL shortening service’s terms and conditions), this did not happen before researchers got hold of the files. The dump primarily comprises spreadsheets, PDFs and image files in folders such as ‘Account Master’, ‘Customer Master’ and ‘Branch Master’. Another folder contains around 20,000 card details, and another contains thousands of individual bank statements.

However, there are serious doubts over whether this is indeed new data from a new breach. InvestBank has released a statement, “InvestBank would like to clarify that NO NEW data breach has occurred at the Bank. This is the same data that was stolen by the hackers last year and released again for unknown reasons/motives.” 

“At the moment, I would believe the bank,” F-Secure’s security advisor Sean Sullivan told SecurityWeek. “This fake ‘Al Jazeera’ Twitter account is too eager to promote the ‘breach’. Such accounts are typically not a good sign that the dump contains new data.”

In December last year, Daily Dot reported that ‘Hacker Buba’ had attempted to extort $3 million from the same bank to prevent publication of stolen data. That data appears to have been even more extensive than the Bozkurt dump: “The actual data appears to be real,” reported Daily Dot at the time. “And it’s vast. One database analyzed by the Daily Dot includes the sensitive information of around 40,000 customers, including their full names, credit card numbers, and birthdays.”

A hacker by the name ‘Hacker Buba’ was attempting to sell this data via Twitter until late January. 

If, as currently seems likely, this new Bozkurt dump is old data, then it must also raise questions about the validity of the first Qatar National Bank dump. “The first person we saw to claim to have hacked [InvestBank] used the name ‘Hacker Buba’,” Mark Arena, CEO of Intel 471, told SecurityWeek. “The first claim appeared to include an effort to extort Invest Bank for Bitcoin.

“Based on this,” he continued, “we believe it’s likely that both breaches were done by different people although we cannot be sure. Either way we don’t believe Bozkurt is linked to either incident and are republishing the data in an attempt to achieve online fame.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
