InvestBank UAE hack: Database containing credit card details and passport scans leaks online

A 10GB file has been released online that purports to hold sensitive financial data compromised from the InvestBank of the United Arab Emirates (UAE).

Upon initial analysis, the ZIP file contains tens of thousands of credit card numbers, names and addresses. There are folders listed as 'Account Master', 'Customer Master' and 'Branch Master'. One spreadsheet named 'Cards' contains over 18,000 card numbers. While another folder contains 3,383 individual bank statements - all watermarked and labelled from InvestBank. In another file, called 'Passports', the internal files appear to include individual scans of ID cards, business cards, passports, insurance cards and corresponding customer headshots.

IBTimes UK is currently in the process of verifying the contents of the dataset.

The release comes only one week after a similar trove of sensitive financial information was leaked online that contained customer data compromised from the Qatar National Bank (QNB), and published by whistleblowing website Cryptome on 25 April.

In the wake of the QNB leak, a number of security experts speculated that the release was the work of a group called the 'Bozkurt Hackers' - also known as the 'Grey Wolves'. Indeed, after the QNB breach was released, an anonymous Twitter user - under a Bozkurt Hackers profile - told IBTimes UK: "We are the ones who hacked the Qatar National Bank and more."

True to their word, the group posted to Twitter on 6 May: "Full DB and files from InvestBankUAE." The post was accompanied by a link to the dataset.

Screenshot from Data Dump© Provided by IBT Media (UK) Screenshot from Data Dump