Official website of Habib Bank Limited – the largest bank of Pakistan – yesterday got hacked, when a hacker called Xploiter hacked the website and leaked the databases of the website and posted credentials online.
Hacker said that it took him just 17 minutes to hack into the website.
The section that handles the online banking or Internet Banking of Habib Bank customers was not impacted with the hack.
No customer data was compromised or leaked during the incident.
14 databases belonging to the official website of Habib Bank – relating to the general information and front end of the website – were posted online with the names and tables.
While explaining the flaw in bank’s website, the hacker posted following in the leaked file:
Link:- www.HBL.Com > Error Based SQLi
Vulnerable Perameter:- branch_Alphabet
Method:- GET > MySQL Union Query
A list of login credentials were also posted in the online document, containing username, plain password and emails. Its strange that a bank stores password in plain language, revealing the security level of the bank.
Leaked information can be access here: http://pastebin.com/SMRPVYB6
Luckily, the Internet Banking section or customers’ data was not compromised, but considering the hack, it is high-time for the banks to increase their security levels.
Via The Hacker Post