Thursday 11 July 2013




The official website of Habib Bank Limited, Pakistan's biggest bank, was hacked yesterday when a hacker named Xploiter broke into the site, leaked its databases and posted credentials online.


The hacker says he took just 17 minutes to hack into the site.

The section that handles online banking (Internet Banking) for Habib Bank customers was not impacted by the hack.

No customer data was compromised or leaked during the incident.
14 databases belonging to the official website of Habib Bank, relating to the general information and front end of the website, were posted online with their names and tables.
While explaining the flaw in the bank's website, the hacker posted the following in the leaked file:
Link:- www.HBL.Com  > Error Based SQLi
File:- search_results_carbranch.php
Vulnerable Parameter:- branch_Alphabet
Method:- GET  > MySQL Union Query
A list of login credentials was also posted in the online document, containing usernames, plain-text passwords and emails. It's strange that a bank stores passwords in plain text, which reveals the security level of the bank.
The leaked information can be accessed here: http://pastebin.com/SMRPVYB6
Luckily, the Internet Banking section and customers' data were not compromised, but considering the hack, it is high time for banks to increase their security levels.
