Habib Bank Gets Hacked, Databases Leaked Online!

Official website of Habib Bank Limited – the largest bank of Pakistan – yesterday got hacked, when a hacker called Xploiter hacked the website and leaked the databases of the website and posted credentials online.

Hacker said that it took him just 17 minutes to hack into the website.

The section that handles the online banking or Internet Banking of Habib Bank customers was not impacted with the hack.

No customer data was compromised or leaked during the incident.

14 databases belonging to the official website of Habib Bank – relating to the general information and front end of the website – were posted online with the names and tables.

While explaining the flaw in bank’s website, the hacker posted following in the leaked file:

Link:- www.HBL.Com  > Error Based SQLi

File:- search_results_carbranch.php

Vulnerable Perameter:- branch_Alphabet

Method:- GET  > MySQL Union Query

A list of login credentials were also posted in the online document, containing username, plain password and emails. Its strange that a bank stores password in plain language, revealing the security level of the bank.

Leaked information can be access here: http://pastebin.com/SMRPVYB6

Luckily, the Internet Banking section or customers’ data was not compromised, but considering the hack, it is high-time for the banks to increase their security levels.

Via The Hacker Post

Tech reporter with over 10 years of experience, founder of ProPakistani.PK


  • Haseeb Ahmad Ayazi

    Nice Shoot Pak Bugs

  • Hackers Must publish the database of accounts those have more than 5M balance

    • FACT

      What problem do you have with those account holders? are you envious or what?

    • Webstar

      The section that handles the online banking or Internet Banking of Habib
      Banking was not impacted with the hack. No customer data was
      compromised or leaked during the incident.

    • talha92

      Maybe if you work hard instead of burning because others have more, one day you will have 5M in your account too.
      Not everyone with more than 5M in the account is corrupt.
      Pehle apna zehan saaf karo, phir dosroon pay hamlay karna.

      • FACT

        Exactly! This is called “hasad” what this m. abdul qadoos wished! He seems one of those who are crazy to see other’s secrets ;) May be he is desperate to see someone from his friend or relatives in list to know their balance ;))
        Grow up @abdulqadoos:disqus

  • Azi

    ohoooo

  • Hira Saeed

    Pakistan IT industry is flourishing. lol!

    • Yasir Mahmood

      Our Ultimate Pleasure……

    • That is a very narrow observation!

  • nasir

    May be this time they realize the problem of customers and improve there online banking, internet banking and ATM system, currently it goes down 80% of time. I am a customer of HBL since 2005 but I was seriously thinking to change my account to some other reliable bank. Hail to hacker lolzzzz :D

    • Faltu IT

      HBL ATM Network is the worst in teh country because their IT infrastructure is jsut crap. It is running on PTCL and Multinet which doesnt work half the time. It was so frustrating and saime saith mentality. I was working there since 5 years ago but then they changed CIO who was trying to make a change and now its still crap and going to remain crap.

    • Guest

      This is not online banking Noob !

  • SSyar

    I read earlier.,.,. they move to very high profile security,.,. via IBM server(i think) :p

    • script kiddies

      Lagta hie pak bugs ke khelaf phir crack down hoga aur jail jaeinge phir bhagtey phero gei jesay old days mei howa tha

  • Informar

    Looks like you like to see paksitani website to be hacked…. Do u remeber when we informed you about HBL vulnerability and we asked you to make a post so that bank IT team know that theri website is vulnerable but you didn’t listen to us …. you can see on our page we informaed far earlier that pakbugs discloused system …. Proof on our page –>

    https://www.facebook.com/541817332528930/posts/543902085653788

    https://www.facebook.com/VulnerabilityPandorasBox/posts/552081244835872

    BTW well done pakbugs … HBL deserve this :P

    • Escobar Pablo

      all Pakistani banks are highly vulnerable even Online banking sites too , Last Time I Owned Soneri Bank’s online banking system and still I have access in it

      • Informar

        I do know that mate ;)

  • WebSolHub

    I am not HBL customer anymore :)

  • Asif Sajjad

    Hilllllllarious :D

  • Real

    Its all crap. nothing has happened with hbl website

    • Informar

      Just close ur eyes and u see nothing then pretend like nothing happend :P

  • Naveed

    This should happen, corporates think they can handle security well. But they don’t hire people with security specialization (on merit). Instead bhanjays bhateejas hired ..

    • Escobar Pablo

      They hired Haseen Usman :D a noob with 30 lacs worth certifications :D

      • FAT KID

        bahahaha.. i work with him on same floor. and he is an I-D-I-O-T

        • Alpha Haxor

          You guys are targeting one individual… I personally saw him in action and I believe that he is one of the best….So in my personal opinion all you guys are saying is false and only for any personal problem…..

          • guest

            If he is One of The best He secured HBL then how HBL gets Hacked? bro

            • Alpha Haxor

              HBL never been hacked my Bro :) How could you think that HBL will put the sensitive information of their valuable customers so insecure? Apko kya lagta hai HBL customers ka data apni web pe rakhy ga? Like seriously?

              • Informar

                @de9bc070032f1e6147542cbc21db0d71:disqus I don’t think that u know a litte about reputational value ….. It was not claimed that sensitive data have been hacked it’s you who claimed that ….. So pay attention what was calimed and what you people are auguring at ;)

              • Daddy

                lol stop barking :D

  • Mazhar

    This will help them to rectify their Website weekness

  • AN

    Credentials data should be stored with encryption!!!

    • SS

      It seems HBL had made their online managment system free of cost :)

  • ExHBLDeveloper

    I am one of the developers that worked on this site more than 5 years ago lol

    This is not bank account data just stupid website that was hacked using SQL Injection. There is no sensitive information except for may be users who gave their personal information like name, email, phone when they used Car Loan application.

    Almost all the people you see at the end with their passwords doesn’t even work there anymore lol

    • Informar

      lol…. so u are ex-HBL developer…. and actually u r telling that after even working 5 years on site you were unable to patch sql injection…. that’s what your development cababilites are :P

      • Guest_KSA

        I think that if HBL really hack as claim by these hackers then why they didt deface the website or create a mirror ! These claims are all fake.

        • Guest

          @1eb24a753ae9056c90a8c98355907852:disqus Brother HBL’s info Sec team is accepting this Hack , I have confirmed from someone working in HBL’s cyber security Team , They said its compromised from an old application on the same server .

          you must know differance b/w Hack and deface

          • Syed Muhammad Qazim Ahmed

            Assalam o Alykum,

            All information present by this group is Fake… I am a senior citizen I am very old customer I also confirmed it….No such things happened… .let assume for a sec that it happen so in that case no impact to anyone or any of customer data. Hacker achieve nothing which they pretending… They are just marketing them-self targeting an organization for personal gain and popularity of their group……Being the HBL customer its a proud for me when I see my country name, flags in other countries,… when i travel Uk, USA, France and other country.. the only valuable asset which we find in most of the countries… Me and my kids proud and I wish that Pakistan have these type of more organizations. I personally believe HBL as an golden asset of Pakistan and give a shadow of Quied-e-Azam. we did a lot to make this country…and it was Pakistan 1st bank.. I feel very bad that this is what our new generations are doing. Taliban attack our golden asset and destroy Quaid-e-Azam House..Now these new generation kids doing the same with our history and inheritance of Quaid-e-Azam. So If taliban attack in any mosque or kill our people and they say that they are right the same I see that these kids attack inheritance of Quaid-e-Azam and say they are right… Both are terrorist and criminals.. These are all consider as traitor of the country and We should all condemn them and their activities.

            Kind Regards

            Syed Muhammad Qazim Ahmed

            • True Paki

              well said sir, this is true this type of hackers dont know what they are doing. they have ruined our country assets. the only place where this generation love quaid e Azam is the currency note. i know they did this for only money.! they dont love their country their nation.. we feel ashamed at front of other countries just because of these guyz.. You guyz should see under your collar first. FIA must take action against these morrons..!

        • Informar

          @1eb24a753ae9056c90a8c98355907852:disqus HBL was not defeaced it’s data have been hacked and compromised …. you can see pastebin about that…… For your kind inforamtion and poor knowledge …. “Mirror Deface page ka banta ha bhai data dump ka nae khuda ka khoof karo ..”

  • Rockz

    lolxxxx he was my fella from mIRC … Ab pata chala what he actually do lolxxxxx Good to see his success :)

    • Escobar Pablo

      Sorry I don’t use mIRC ….

      • Rockz

        lolxxx you are not Xpl0iter :)

        • script kiddies

          Itna time nahi ke MIRC per makhiyan marey aur phir fake news phelaye

  • M Behzad Jhatial

    cant believe this can happen…

  • kkz.kkz

    looks like server4sale is hack they handle there servers and database

    • H4X0rs

      I agree with your point because these noobs didn’t create any mirror or defacement ! further all claims are fake because HBL.com dont contain any customer data nor any other publicly Lolzz These noobs even dont know about this.

  • ms.mansuri1

    publish the political person account and send the report to geo news to show his assets they earn from pakistan illegally ….

    • Bilal Tariq

      GEO news….. Seriouly!?!

      • Khan Haxor

        Dude Im a hacker , After I went this Alll i noticed that HBL was really hacked but no data was infected .. Our Xploiter bro didnt harmed anything infact this is the reality that haseen usman is just a pro nooob …. he deserves to die actually .. he recently purchased a software Core impact of 70 lakhs .. Woa if i was HBL security incharge i wont spent it on a software infact i would hire any professional or ill secure it by myself … :) Xploiter bro hats off , keep it up good luck in future :D

        • KHAN K ABBU

          Oh Mr.Khan Haxor there :D well do u thing u r hacker :D :D lolzz lolzzz .. LMFAO hogaya ye to :D :D soo MR . KHAN HAXOR first save ur website then comment on other website … bcz jab tmhari web bani hack hoi :D

          • script kiddies

            lol Main bhi hack kar chuka ho 20000 baar google ko bas sadly I didn’t create any mirror :( hats off to me no harm done by me lol

  • Adnan Khalid

    I m not able login my hbl internet banking following error arise System Message You are not allowed to login since you do not have any active account(s) or credit card(s).:(

  • Danish Iqbal

    I saw this shot live ^_^

    Escobar Pablo was in a bad mode that day !!

    • Escobar Pablo

      Haseen Usman was responsible for bad mood and this Hack , He will be Kicked from HBL now :D if not then i have another way too :D

      • Alpha Haxor

        Manxab Mian Thory housh kay nakhun lo :) Awam ko ullo bana sakty ho ap magr humey nai :) Apko kya lagta hai HBL sara data apni web per rakhy ga? Agar aisa hai to apko sharam se doob marna chahye kay ap ne ab tak kuch nai seekha,

        • Escobar Pablo

          Duffer Read the full post 1st.

          The section that handles the online banking or Internet Banking of Habib Bank customers was not impacted with the hack

          Nasha kar k to nai aye online???

          • Alpha Haxor

            Mano ya na mano barkhudar AP LAMMER HO.

            • FarazPk

              Ooo Now i understand that none of any HBL customer or confidential information was access or hacked .

        • Informar

          @de9bc070032f1e6147542cbc21db0d71:disqus it seems u r an HBL guy ….. as i said just close ur eyes and see nothing then pretend like nothing happend… same case with you my brother…. i can’t figure as hacker accepted that he didn’t got access to online bankinging web then y you people are auguing on this …. this shows how much weak you are and let me tell if SQL injection in not a vulnerability then why bank IT patched this vulnerability now??? just tell me that :P

          • Calvin Klien

            N00b!! did you ever work in any organization?? these organization people never respond anything unofficial or engage any of stupid and nonsense discussions. so none of any other bank employee will come or do any comment. even they don’t damn care about this! grow up!! otherwise drink pediasure! :D
            Regards,
            Calvin Klien

        • X>Dr.R<X

          I am a black hat and now the part of other side…. did many compromises and closely saw and involve in this attempts. I don’t care what other noobs are saying but the true and real story is that this Genious smart ass’ Called Haseen Usman” by few of his HIGH PROFILE Patriotic FANS… got the Intel that we are going to attack few Paki banks after we already got few small successes. When we were scanning the bank websites to compromise. He came silently identifies every individual, leave a dump stupid message on FB “any one who work against their own state/country attack or compromise and target the country assets are considered as anti state criminals’ which I dam care about as PakBugs. because we already did it many times :D. He was just trying to stop all of us with his patriotism. Lolzzz… Vulnerabilities was disappears and we were not able to deface the website even there is no SQLi left. Frustration rises and many form us did DDos but nothing happen to hbl.com. We got nothing and all of us got identified by this Smart ASS. One of group member inform that his is from HBL. I review the linked In and but nothing find that he is from HBL but it was confirmed by others. During the attack with others at that time I face many problems while attacking the site and its seems that their team who was just capturing all the info as evidences which I don’t have no idea. My session was terminated and systems got hang many time and at the end I got screen of death which I am sure happen due to that attack and some one respond me very hard. All banks are under the hit list of many groups like us and we do it for our passion.

          Regards,
          X>Dr.R<X

  • Escobar Pablo

    I Just Hacked HBL because of a “Haseen Usman” He claim that he secure HBL He was Barking on my wall , Haseen Usman is responsible for the Hack of HBL .. If this Dog will bark again Then No one can stop us…
    Screenshot :- http://oi44.tinypic.com/2qk3uk2.jpg
    here is Post Link:- See comments https://www.facebook.com/photo.php?fbid=116104751929456&set=a.116094191930512.1073741828.100005897944532&type=3&src=https%3A%2F%2Ffbcdn-sphotos-c-a.akamaihd.net%2Fhphotos-ak-ash4%2F294986_116104751929456_628678417_n.jpg&size=703%2C742

  • FACT

    You people will soon see hacked Bank Alfalah and Faysal bank websites– Why?? They are using WORDPRESS CMS!!!! WHAT A CHEAP IT TEAMS!

  • Fahad Khalil

    HBL .. suckiest possible bank in Pakistan :)

  • afzal

    “naamaalum” afrad are now on internet :D!!

    • Ali

      lol

  • GUEST HBL

    Aur karo Hasen Usman ko HIRE .. bahahahahahaha
    http://pk.linkedin.com/pub/haseen-usman-ahmed/14/a2b/130

  • Khurram ShahzAd

    This is an eye opening event, banks must concentrate on web security.

  • Khurram ShahzAd

    Banks better implement security, next time it could be info of customers, thats leaked.

  • Escobar Pablo

    Gimme detail of every client that this ashole have , I will Teach him what is called security

    • Back Hat Pakistan

      I am one of from your group and I know all of you noobs. You are Making the world Fool. There is no such Hack just doing for your Own Marketing. You get nothing out of it. You evan dont know anything what you are claiming. here, You evan not a bacholers studing with Noman Rifat. We told you not to sale any information to external enemies but you didt accept it. We are black hats but we dont attack our own country. You sale the sonari informaion to exnemies countries and publicly czz you dont have money to eat. ! This is waht you are ! See inside of you. I will expose you all if I found any further claims and hacks against any of Pakistan website or anyone.

      • Escobar Pablo

        O yeah ! Did We Emailed you after deal ?? :D lamer you must be from hack troll chutiyas who can’t hack but can only bark

        • aamir7

          language sir… your comments are being watched.

          • Hinza Awan

            :)

        • Dr Trojan 1337

          Acha you didn’t sell anything to anyone? Bitch, Come on what about soneri bank accounts? What the bullshit dark market of pakbugs? Where you are selling credit cards and private information of innocent Pakistani people? Calling your self hero of pakistan? BULLSHIT!! Hero of Pakistan never harm their own country, Tell me why you hacked Pakistani Websites? Why did you hack into supreme court and leak its database to Rivals of country? Because you are just a fearless man, unpatriotic to your own motherland, Than how you expect anyone to choose your side? And One thing Mr so called hero to whom you are messing with is you FATHER, and you know him who is he. Agar wo chahy to tumhara Bio data khol kar rakh den, Your real name, Your father name, CNIC, Home address, Phone number, Each and everything beta. Bolo to likh den yahan per? Ghar se uthwae jao gay munny tum. FIA is just waiting for this information.
          Regards my Son,
          Dad here.
          P.s: Give me the answers of question I have asked.

          • U know me well

            Mr.Dr.torjan aka haxor life aka noob….r00w0rm par botnets wagaira mangtee huay screen shot dekhao 1337 k . . even dont know a shit about security and penetest agai mou utha kar…public mai karon kia????

          • hax.r00t

            @Dr.Trojan Madleets k server k paisay tumhara baap apni Jaib se daita hai kiya?? aap hud Hacked credit card use krtay ho and ilzaam dusro ko daitay ho . aik dafa aap ne hud mujay kaha tha k aap ko jab credit card chahya hota hai aap aik shop main se nikaltay ho yaad hai and you also shared some cards with me which I rejected ? waisay mujay aik baat btao molvi kab se ban gaye ho???

            Mr. Trojan a.k.a h4x0rl1f3 aka Noob main 1337 aka shadow008 k r00tw0rm par botnet wagaira mangtay huway screen shot dekhaun 1337 k??? even dont know a shit about security and penetest agai mou utha kar…public mai karon kia????

            @Pakbugs please ignore them Kuta bhonktay rehtay hain karwaan chaltay rehtay hain

          • hax.r00t
          • Escobar Pablo

            That is The thing! Now I got who is bubling !

            Selling your country’s Information to enemy is same like selling your own “mom” and your own “Soul” . We can’t Sell our mom Like you Sell your own Mom to Indian Hackers . Here goes the screenshot in which you Mofo’s were gifting Pakistani Servers to indian lamers But Keep it in Mind We still exist in National informatic centre of Pakistan We will Bring them Back .

            You got exposed badly By some other hackers in the same post . Stop Doing Public Stunt and pay attention toward studies kid . I know what I am Doing mind your own business
            .
            Kid you were never been a part of Pakbugs as you are claiming above , We know you kids want to Join Pakbugs to learn some Advance Shits but really No place for new kids we are the Team of professionals with each member having experience more then 8 years.
            .
            Go to FIA Head office and Give them what ever you claim that you have . I will be waiting .
            .
            When We Hacked PKNIC I was amazed That you were acting Like a molvi saheb in front of Public but you made payments to Pknic for buying cyber.com.pk , google.net.pk , cyberarmy.com.pk ,gouv.pk From Hacked Credit Card , Should I Public these screenshots ?
            .
            Keep it in your Mind You Nigga Can’t be Us !

            https://sphotos-a.xx.fbcdn.net/hphotos-prn2/s720x720/1045061_687500131266472_182937170_n.png

            • SDH

              Dear MB AKA xploiter dont fool people of Pakistan.. inside of u .. i dont care others r saying but as a part in past i know everything about u and ur team .. so dont force me to put everything here what you sale and what PB connection with other countries. i respect all black hat and our anonymity….

              • Usman Ali

                I don’t Know what you people will get after Spoiling the image of One one the Best Hacker in Pakistan .

                May Be He is Best Then you so you are jealous from him

                He already Made the Clarification by Saying:-

                “Selling your country’s Information to enemy is same like selling your own “mom” and your own “Soul” . We can’t Sell our mom Like you Sell your own Mom to Indian Hackers . Here goes the screenshot in which you Mofo’s were gifting Pakistani Servers to indian lamers But Keep it in Mind We still exist in National informatic centre of Pakistan We will Bring them Back “

        • SHDK

          Pakbugs is a criminal anti-state body, Who works for other country, that’s why we are not in favor of pakbugs and consider them as enemy of our beloved motherland.
          Everyone check pakbug’s reality, in past they got arrested and you all know history repeats itself, Xploiter and his team will be soon arrested. Thats why each group working in pakistan are against you. YOU’LL BE BANGED SOON.

          • Guest

            Stop spreading garbage , I think you guys forget When Indians were attacking Pakistani Cyber Space and all were sleeping on that time Pakbugs defend Pakistani cyber space They Agree They are Bad boys same like chulbul panday but They Expose Pakistani infrastructures vulnerabilities to secure Pakistan ,

            You know cyber attacks from Pakistan makes Indian cyber space strong …. so why dnt we secure our own cyber space???

            • SHDK

              So you r think hack pakistan cyber space and pointout the valunerability is this right way .. So pls increase knowledge then speak here otherwise stop commenting if u dont knuow pakbugs real face .. SECURE KARNY WALY JAIL NI JATY

              • Guest

                They are Pakistani and I feel proud on there telant , F.I.A arrested them in past because they Hacked F.I.A’s website that shows they are better then F.I.A’s Cyber security team.

              • Pakbugs

                No Mofu Respond unless he is slapped by Defacement,
                i agree its a bad way but it is most effective way to make Noobs understand wht they were ignoring

            • Guest

              lolz Jhotaaaaaaaai :D Apna logo ke bajana sa forsat milta to ya kuch karan na.

      • haji Saheb

        Before making any fake ID , Learn the speelling :D

  • Guest

    Pakistan IT industry is flourishing. lol!

  • Engr Imran Khan

    @HBL no Security Pakistani Hackers Rockx

  • Guest

    I’m Also Tired from Haseen Usman. When he Talk he shows he is everything and he is top security expert of Pakistan.

    • guest

      we aren’t talking about any individual .. we r talking about pakistan … and pakbugs is an enemy of pakistan and they r attacking on their own cyber space. if they have skill do it on facebook :D

      • Guest

        They are helping us to secure pak cyber space , They expose weak points of our Websites so admin can patch them .. Hats Off for Pakbugs

        • Alpha Haxor

          Hats Off to Pakbugs? Agar ap he k ghar ka koi shaks apka ghar jala dally to apko kaisa lagey ga? PAKBUGS is just harming pakistan cyber space. WAKE UP PEOPLE!! Stop believing liars.

  • Guest

    They also hacked goole 5 times say thats also fake lol

    • Alpha Haxor

      Bro plz always think before commenting :) Only DNS of google was hacked not its database. There is differences between Database and DNS :)

      • Hafiz

        Didn’t That DNS belongs to Google ?

        • Alpha Haxor

          Hacking DNS is not a big deal :) If they have guts than hack google’s database.

          • Your Orignal Papa Hax.r00t

            ALpha Haxor aka Dr.Trojan a.k.a Hax0rl1f3 . If haccking google’s Dns is not big deal then whats the big deal ??

            • Alpha Haxor

              Xploiter aka Escobar pablo aka ahmed khan aka Manxab jutt aka ali jutt HACK THE DATABASE OF GOOGLE phr baat karna :)

          • Papa of H4x0rl1f3 :D

            Stop Laming you loser =)
            PakBugs has been fucking google, hotmail, msn , banks and all even before you were born :D so go and jump into a river :D

            • script kiddies

              Than what was the end wo bhi tou batao lol Pak bug ka owner zoombie bhagta phiera tha aur pori pakbug ke khelaf crack down howa tha

            • Alpha haxor

              Choty bhai jis country ki ap ne hack ki msn hotmail wagaira wo log khud apni website nai kholty to secure kya karen gen :) .com pe hath saaf karo phr ana.

  • Bablu320

    Hats off on Telanted Pakistanis

    • Tin

      Lol…. , Same guys posting again and again ..dont you guys know the spelling of talented !
      repeated mistake from our kiddo hacker ..Rofl ..
      Hurry up ..tyme to go school !

  • FACT

    Plz try same (as ethical hacking) with Faysal Bank and Bank alfalah. They don’t listen to general complaints about vulnerability and using WordPress based ibanking websites! Either their IT personnels are fooling them or they are greedy paying NO attention on security.

    • Escobar Pablo

      I personally Reported Many weak points in Different High Profile Infrasturctue But They Don’t Pay attention , SO I choose my own way to make Pakistani Cyber Space Secure … Right Now I’m Hitting Main Sites as Early warning …

      • FACT

        Good! Bank Alfalah site is not only but highly vulnerable I think! They have big accounts but they don’t care!

        I suspect no bank bothers to get penetration test and cover loop holes, except few! So people (ethical hackers) should take their own way to teach them lesson with warning to secure it with some tips ;)

      • script kiddies

        So you trying to get job in Pakistan IT depart by joining some arabic forum where you been taught how to hack which is the main source of all pakistani hackers. They don’t create any shell script or anything just copy paste stuff in their hack forum from other big hacking forum. Do some thing better in your life to gain popularity.

        • Escobar Pablo

          Script kiddie go to any black hat community you will not find me there .. I don’t have enough time to join forums etc etc

  • H4$N4!N H4XOR

    Nice one XPLOITER :D

    • HAsnain K Abu

      shakal sy he kiyn padora lagta hai :D

  • beensheen

    ??

  • X+

    I know haseen usman , and I think is just a great person . And may be all this will just give him more strength ! :) Haseen Usman , Go man , you worth more …
    30 lacs certification is what you got from your hard work .
    ALLAH is surly with you this time …
    and grow up guys , no website is hacked !
    HBL still maintains its standard and May ALLAH bless the them to get more higher and higher !
    As ALLAH is with those who do the right !

    • FACT

      @X+
      Molvi sahab, ALLAH is surely with those who do the right! But ALLAH is not with those who are involved in INTEREST!!!
      So, I guess you may be haseen usman or someone from HBL, whoever you are, do NOT try to think that ALLAH is with people who earn or are involved in INTEREST based Banking, Although it’s not in control of 1 bank, but all banks may try to establish pure Islamic banking, and NOT COMBO or namy.

      So, comment but with logic!

      • WellWisher!

        Grow up! @FACT, lets suppose for a moment you have hacked this website? do you think what you have done is all right? u go against of your country only for fun.. you compromise the website in public just to get attention towards yourself that u have done something out of the world. do you have basic knowledge of penetration testing? do you know what is legal or what is illegal? have you guys ever scene the banking infra structure? How they store there database? U can’t get direct access buddy. I have scene that is why i am telling you. A true patriotic never act like this he always think 1000 times before doing something.. what will be the impact of this nonsense you have spread. and the sickness of your mind is proved in the above comments.. neither i know u guys nor haseen usman. but the thing you have done is wrong buddy..! you shouldn’t do that. if you are a real patriotic person and you love your homeland.. never harm your own people!. If you want to do something just do it in a right way.. defend the country with the affiliation of pakistan army. support them. go to FIA show your skills and do something big in computer forensics. make us proud buddy that you are a true Pakistani. Hacking your on websites , damaging your own country assets is not good at all neither it is patriotism what all of the above guys are saying that they are preventing the country. how can you say that.?? Scan someone’s website without his permission is a crime.. if a stranger come to your home start spying here n there. watch each n everything.. what will you do?? May Allah show you the right way!!

        • Escobar Pablo

          @051517ee7b193efe2a2e5588adee0a6a:disqus aka Haseen Usman Well above Lines Proves that How skilled you are
          “Scan someone’s website without his permission is a crime.”
          .
          Professionals Never Use scanners to pentest a site We always do it manually. Guys Like you Scan your client’s infrastructure with pre-made scanners and Everyone knows Scanners point out only 30-60% vulnerabilities. That is why your clients Get Hacked ! That is the major reason behind HBL ‘s leak

          • script kiddies

            oh so you killed other with knife and not with guns ok understandable.

        • FACT

          Mr. So called “Well Wisher. Your comment is generalized one and out of context! As I already said, anyone commenting must have a logic and within context. So come out of ill mind state or stone age and comment in right way.

          Scanning or penetrating someone’s website is for sure illegal but when you or your colleagues or country fellows are at stake being account holders of those bank who do not care about their customers and do not listen to complaints- to come to the point, they hire wordpress kiddies to design and develop their websites and the NET BANKING where registered users have their records and so on! When banks do not listen to complaints, do not put hack proof professional system in place and just focus on earning money in both good and dirty ways and have no intention on spending some bucks to secure their account holders without whom their business is a big ZERO, then ETHICAL HACKING COMES IN PLACE with the purpose of alarming the banks to focus on security and spend some bucks to provide secure net banking! May be you don’t know this.

          And as per your comment-where bank stores data, I think I have much better knowledge than you and you seems do not have any single bit of IT sense because when someone hacks into a site, specifically a BANK website, he can access any customer account and can see his/her credentials of account and this way confidentiality of hundreds of thousands of account holders ruins!

          Would you like some stranger, neighbour, friend, colleague or EVEN relatives to know your confidential things, specifically talking about bank balance?? Of course you won’t!

          So, if someone is not giving you right-you have the right to snatch/get your right with force!

          Many people bad hackers, from Pakistan and even outsiders are targeting and attacking Banks websites and their account holders bcz they know these banking people are fooling people by putting a 10000-20000 RS. costed net banking sites or may be they are victims by IT noobs but they must take complaints seriously and must employ and put professionally secure system in Place.

          I hope you or people like you comes to your senses neutrally and know the reality!
          Banks must hold contests between couple of people for penetration testing and cover the loops to ensure security!
          But unfortunately, they are not getting bothered!

          FYI: I am a neutral person and commenting neutrally!

          • KIA CHAH RAHY HO

            kehna kia chah rahy ho “SUMMARY PLS” :D

            • FACT

              Beyond your level!

  • Guest

    As far as I know Haseen Usman he is the best guy in his field !
    and xpoiter or whtever , U r doing a crime ! and you can be in a big trouble !
    you are going against the laws , AND stop being so patriotic , we all know your reality.

    you are a thief , and you do all this to get money …
    you people dont deserve Pakistan …. and dont dare to compare yourself to Haseen Usman , He work for his country unlike you .
    Our country need people like him who are loyal to their motherland …
    You r just a bullshit here !

    • FACT

      I am replying neutrally to your comment. Who are you to decide who deserve Pakistan and who doesn’t? You perhaps don’t understand the main objective of those white hat hackers here and there is nothing bad in their doings-because they are disclosing those who are getting paid hundreds of thousands and NOT doing their jobs as required! In other words, its alarm for them to come out of shit and do their jobs.
      FYI- Haseen Usman or anyone like him is not working for country-he or someone same like him works for MONEY! But not making it halal by doing their jobs in full.
      Comment with logic without taking anyone’s side if you have courage!

    • Escobar Pablo

      and your Best guy in the field didn’t accepted challenge for Cyber Drill .

      • insider

        I may have a different opinion but always keep in mind the info on these sites and pastebin is just what the hacker wanted to expose. God knows how deep he may be inside hbl. FYI the vulnerability is still there hbl just removed one of the pages.
        Im with the Escobar Pablo gud job man unless u bring all these people to their knees people will never stop FNF culture of hiring.

        • zombie

          And Please who ever supports this Haseen Usman Guy does know jack shit abt anything. I have heard him once and man for sure this guy doesnt know jack shit what he is saying. 3 sec ma koi bhi linux ka server and aj kal drone pa kaam kar raha hn i mean come on man ” R u Crazy”. Pagal hi hain wo log jinho ne iss tool ko hire kia. Kam sai kam corporate sector tou bach hua tha.

  • Guest

    You are talking about side buddy?? you are a black hat.. can you get a ehtical hacking job? just tell me. all the multinational companies hire these type of Professionals for 150,000$ per annum. if you are at this level why dont you guyz join these organizations? they will pay you!. your whole life become luxurious. but they first check the criminal record of the person. he must clear all the security clearance.. you guyz cant go to that level because of your tiny thinkings! May Allah show us the right way!

    • FACT

      FYI- I am neither black hat NOR white hat- I am not hacker, I am neutral person here having all information about the stuff and business rules with Broader and deep thinking.

      You seems don’t know anything about Ethical hacking! People of this skill definitely get hired and they are known as “certified hackers” and Titled as Penetration testers who work in jobs titled Penetration testing!

      FYI- Penetration testing is done by people who are hackers or in other words are able to hack or have knowledge and skills of a hacker but- white hat! This is the technique used to determine loop holes of a website security which later can be addressed and website is made secure- in other words, hack proof.

      This is part of job for an IT security personnel here as an example- Haseen Usman or any person doing such jobs are responsible, but those people are just lazy and don’t do their duties with right intentions and ignore their responsibilities and just sit and wait for their monthly checks of salary- how silly!

      Just spending few hundred thousand bucks and getting certificates is not enough, actual thing is to do job whole heartedly for which one is getting paid!

      Hope you or anyone thinking without any logic like you come to senses. I would always say- have a realistic logic in your comment and be neutral.

      FYI- I am not attacking on any particular person. By haseen Usman, I mean anyone who is doing same job.

  • khizer

    HAHhh!! Kudos to SQL Injection :)

  • wheel.reinventer

    Any Luck with Askari Bank Website :)

  • Jerry Hassan

    Escobar Pablo , very hot exposure bro ;) . Now to all those who thinks that this is not a serious hack or not a serious matter , HBL clients are safe etc etc. kindly don’t shout if you don’t have enough knowledge about the consequences of such vulnerabilities .first
    Escobar Pablo just exposed it ,he didn’t utilize this vulnerability for financial gains. ( kinda like white hat :P ) , what if he would have injected the website with malware ,spyware ? every client of HBL would be injected easily then this way ,their user name passwords , pin codes would be in
    Escobar Pablo hands now .
    Escobar Pablo, next time inject sites with malwares silently and stealthily :D

  • Haseeb

    report on HBL were fake. I’ve access to the HBL global contacts database. None of the Email addresses mentioned in the allegedly leaked database is incorrect. Please do not miss lead the public.

    • FACT

      What you wrote is not giving meaning of what you are trying to say.
      Correct your English!
      Comment with logic and proof………….

      • Kamal

        I checked these e-mail address too on the the database , they are not valid , Lol to the hacker you get nothing !
        @FACTANALYSIS:disqus : Dont comment when you dont understand kid .
        you are new to this !
        HBL IS STILL SAFE :) Thanks to the security Team !

        • FACT

          Kamal, are you from HBL?? If not then how can you check DB?

          You seems kiddie in this and seems from bank’s staff trying to paint your incapability by portraying fake salute to so called security team of kiddies!

          Grow up man, have courage to comment neutrally with logics and based on real facts!

    • FACT

      Haseeb, comment in urdu if your English is poor, there shouldn’t be any hesitance.

      Your sentence: [None of the Email addresses mentioned in the allegedly leaked database is incorrect.] It means you are saying the list is correct! ;) while i guess you wanted to say the list is not correct! ;)

  • p0iz0neR

    HBL site was actually hacked. Getting into DB also means hack. So its not important to discuss that DB was Financial or not. HBL bank has a reputation with over 1500 Plus branches world wide. This hack has greatly effected the reputation of Habib Bank and it is a lesson to all HBL Information Security Division to not be over confident with their Degrees or Certification and the Experience which is irrelevant to Hacking Skill. Always remember “Do not anger one who can upload shell on your server”. Hope this is a very GooD lesson to HBL IT Security Division.

    p0iz0neR

  • faisal

    ohooooo bad bachay aisa achi baat ni yaaaaaaaaaaaaar mera account tu 1500 rp hai alhamdulillah

  • zardari

    what a misleading title of the post.
    its the website that has been hacked not the bank, fool!

  • Online Dress

    Looks like more banks are being attached.

  • NoOb

    Xploiter+Escobar Pablo= Mansab

  • Abbas Khalid

    Banks and FIA should learn from USA who hire the best of hackers in CIA, FBI and turn them into guards of security and data from cheap hackers. They have the best brains in I.T industry we should utilize them to beef up our security and make them guardians of our I.T industry.