Established in 1964, Qatar National Bank (QNB), headquartered in Doha, is the biggest bank in the country. The financial institution is the second largest bank in the Middle East and Africa, and one of the Gulf state’s biggest banks. Partially-owned by a government investment fund, QNB operates in 27 countries on three continents with more than 15,300 employees.
Such a large financial institution such as QNB naturally makes it a hot target for data breaches and hacking, which was the exact case of what happened on Tuesday when 1.4GB worth of documents were leaked online anonymously. The alleged hack exposed private information on more than 1,200 people and organisations in the leaked file which contained more than 15,000 documents detailing more than 100,000 accounts with passwords and PINs.
The leaked files which contained thousands of bank records, including passwords, customer transaction logs, account numbers, and credit card data, were allegedly posted onto a file-sharing website named Global Files.net earlier this week. Later, it was taken down but again reuploaded onto another website, Cryptome.
According to Qatar-based Doha News, the massive data dump appears to consist of files even of the country’s secret service, security apparatus, Al Jazeera’s journalists and members of the ruling family Al-Thani.
Screenshot of the leaked folders circulated online. (Source: Doha News)
Among the folders information found were;
‘Al Jazeera’: Containing 29 separate files on staff members alongside a Microsoft Excel file holding more than 1,200 records including national ID numbers, telephone numbers and home addresses. Al-Jazeera staff confirmed that much of their information is correct;
‘Al Thani’: The folder with the name of Qatar’s ruling royal family purported to include details on many of its members;
‘Mukhabarat’: In the folder with the name Qatar’s State Security Bureau on it,personal details of 562 people assumed to be members of the Qatar intelligence service were uncovered;
‘Defence’: Contained 42 separate sub-folders with details marked as being part of Qatar’s “Ministry of Defense,” “Defense,” and “United Army.”
Other folders discovered included files that purport to contain information on staff at other local banks, police, and security. Meanwhile, the files also identify one man as “Defence, SPY (MI6),” opens up an in-depth report on an alleged agent alongside social media links to what the files suggest are his spouse and his friends, phone numbers, family photos and credit card data. Furthermore, in one instance, a file marked “wife”, opens a photo showing a woman and two children.
Creepy? We think so too.
In addition, on the customer side, a number of folders contain some of the listed database spreadsheets which were labelled: “Account Master”, “User Profile” and “Transactions”, although it remains unknown how current the data is.
A former Al Jazeera employee, Gordon Hickey, told Doha News that his friend had called to inform him that his bank account and passwords were publicly available in a folder with the word “SPY” on it. Albeit having changed all his passwords since then, he was still shocked at all his data being exposed which even included his Twitter account details.
A similar victim who was troubled on the “SPY” label next to her name includes one beIn staff who only found out about the leak when she was contacted by Doha News. When she received a text message saying someone had tried to access her QNB account without her permission, she immediately rang QNB to enquire. While QNB assured there was no cause for alarm, she claims that she was very worried about whether anyone else had managed to take money out of her account.
Middle East Eye reports that another Al Jazeera journalist, Bernard Smith, confirmed that the information uploaded online of his personal account was indeed accurate. “The details they had for me were mostly correct – I had changed my credit cards just a few months ago after losing them, but other information such as my passwords and contact details were all accurate. I was very shocked to see my details online.”
And it seems that there are already hackers taking the opportunity to exploit financial information from the QNB data breach. According to International Business Times UK, an anonymous source reported that their bank account information and social media platforms have both been targeted, with three failed attempts so far to login to their bank account. The source informed that while they were aware of the failed logins because of the security texts they received during failed attempts, the hackers were able to get into the Twitter account.
“They got into my Twitter account – because I used the same password – and switched it to Arabic. Nothing was posted though and I’ve got control back. I got an email yesterday saying my Twitter account had been changed and it wasn’t me”.
Albeit it remains unclear who is responsible for the hack, security experts who spoke to International Business Times UK have an inkling that the hack was most likely pulled off through ‘SQL injections’. In a recent development, a user behind the Twitter account @bozkurthackers claims to be responsible for the QNB hacking. “We are the ones who hacked the Qatar National Bank and more”.
The user had posted images of the alleged SQL injection together with a video featuring images from the data dump and a selection of credit card data, although this may not necessarily prove them to be the bona fide hackers as the images could have easily been uncovered online.
Extra: SQL injections is a code injection technique used to attack data-driven applications, whereby malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker), usually made possible through a security vulnerability in an application’s software.
While we may still not know how exactly the data was compromised or the identity of those responsible for it, QNB released a statement refusing to say whether the leak had occurred, but said it was looking into the claims.
“Referring to social media speculation in regard to an alleged data breach, it is QNB Group policy not to comment on reports circulated via social media. QNB would like to take this opportunity to assure all concerned that there is no financial impact on our clients or the Bank.”
Check to see if you were affected by the QNB hack on this website.
 Doha News
 Al Jazeera
 Middle East Eye
 International Business Times UK
 International Business Times UK