QNB hack allegedly compromises Qatar's secret service data

The bank is investigating the alleged security incident, which may have exposed details of 1,200 customers

Hacker

Qatar National Bank (QNB) has allegedly been hacked, with the names and passwords of 1,200 customers potentially exposed.

QNB said on Tuesday that it was investigating the alleged incident, reports Middle East Eye, which is claimed to have led to 1.4 GB of documents and information relating to people and organisations with the bank anonymously leaked online. Alongside the 1,200 customers whose personal information has been potentially compromised, the leak may also include files related to Qatar's secret service and security apparatus. 

Calling news of the attack 'social media speculation' in a statement posted online, QNB said: "QNB Group places the highest priority on data security and deploying the strongest measures possible to ensure the integrity of our customers' information. QNB is further investigating this matter in coordination with all concerned parties. Thank you for your cooperation and understanding."

The leaked file is split into subfolders with labels such as 'Al Jazeera', 'Defence and etc', and 'SPY, Intelligence'.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Kevin Bocek, chief security strategist at Venafi, said: "Banks worldwide rely on sophisticated authentication technology which includes digital certificates, so while there's little word yet on how the Qatari National Bank's records were compromised, the fact that the attackers seemed to target specific accounts indicates that this could be a classic case of privileged access abuse the use of certain certificates to appear genuine and gain access.

"Criminals want to gain trusted status and go undetected for long periods, which makes certificates and cryptographic keys a prime target," Bocek continued. "Understanding how this system of digital trust that depend on certificates was breached, and protecting it going forward, will be imperative to secure the global banking system."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/infrastructure/server-storage/354476/broadberry-cyberserve-r182-z90-review-gigabytes-epyc-gamble
Server & storage

Broadberry CyberServe R182-Z90 review: Gigabyte’s EPYC gamble pays off handsomely

7 Jan 2020
Visit/operating-systems/microsoft-windows/354514/gchq-warns-against-windows-7-for-email-banking
Microsoft Windows

GCHQ warns against Windows 7 for email, banking

13 Jan 2020