“Hacker Buba” allegedly hacked into UAE Invest Bank and threatened to expose banking information of thousands of customers unless he was paid a ransom of $3 million for his silence.
According to stolen information posted via various Twitter handles, some dumped accounts contained up to $12 million, all of them potentially amounting to more than $110 million. Although the hacker also directly contacted some affected customers demanding payment, the breached bank was also given a written notice and deadline.
“Yes, there was a data breach and we have been contacted by Hacker Buba. He is asking for money but I cannot reveal how much. This is blackmail. We have reported the matter to UAE Central Bank. The Telecom Regulatory Authority’s (TRA) Computer Emergency Response Team (aeCERT) is investigating,” the bank’s chief financial and operating officer told XPRESS.
While the bank has openly rejected payment of ransom, affected customers have already been notified by the affected bank and an investigation is underway to ascertain how “Hacker Buba” managed to breach cybersecurity measures and how much information was he able to obtain.
“We won’t give in to any extortion threat. In any case there has been no financial loss. All what this man has is some customer information and he’s trying to use it as a bargaining chip,” added the bank’s chief financial and operating officer.
Security researchers are skeptical regarding the capture and accountability of the hacker and believe tougher cybersecurity mechanisms need to be set in place to avoid such events.
In an odd twist, the hacker also tried to convince the editor of the reporting Dubai newspaper to help convince the bank into paying the ransom, promising 5% of the received amount.