InvestBank UAE breach and Hacker Buba extortion
A hacker calling himself Hacker Buba breached Sharjah-based InvestBank, demanded a $3 million ransom, and then leaked tens of thousands of customer records including credit card numbers, passports and account details when the bank refused to pay.
- Victim
- InvestBank
- records
- 40.0K
- users
- 40.0K
In late 2015, a hacker operating under the alias Hacker Buba breached InvestBank, a commercial bank headquartered in Sharjah, United Arab Emirates, and attempted to extort $3 million in exchange for not publishing the stolen data. When the bank refused, the attacker dumped tens of thousands of sensitive customer records online — one of the first high-profile bank-extortion-and-leak incidents in the Gulf.
What happened
Hacker Buba claimed to have penetrated InvestBank's systems and exfiltrated a large trove of customer information. In December 2015, the attacker contacted the bank demanding $3 million to keep the data private. InvestBank declined to pay. In the weeks that followed, the hacker released customer records publicly and continued to advertise and sell the dataset via Twitter into late January 2016.
The leaked data was unusually sensitive for a financial institution. According to reporting, it included full customer names, dates of birth, credit card numbers, account details, passport information and CVV codes — effectively everything needed to commit large-scale financial fraud.
Impact
- Roughly 40,000 customers were reported affected, with personal and financial data exposed.
- The exposure of card numbers and CVV codes created direct fraud risk, forcing card reissuance and heightened monitoring.
- In May 2016, a separate group calling itself Bozkurt Hackers re-released a 10 GB dump; InvestBank stated this was the same data stolen the previous year, not a new breach, and researchers doubted Bozkurt was the original intruder.
- The repeated re-circulation kept the stolen records in play on the dark web, where copies were reportedly sold for trivial sums.
Attribution
The original breach was claimed by the lone actor Hacker Buba, whose real identity was never established. The later re-release by Bozkurt Hackers appeared to be opportunistic recycling — analysts assessed the group was seeking notoriety rather than having carried out the original intrusion. No arrests were publicly reported.
Why it matters
The InvestBank case was an early, vivid demonstration of the extort-then-leak playbook against Gulf financial institutions — years before ransomware gangs industrialized the model with leak sites. It showed that refusing to pay does not guarantee containment once data is exfiltrated, and that leaked banking data resurfaces repeatedly. The incident helped push UAE regulators and banks toward stricter breach-notification expectations and stronger protection of cardholder data.
Timeline
A hacker using the alias 'Hacker Buba' compromises InvestBank's systems and exfiltrates customer data.
Hacker Buba demands a $3 million ransom from InvestBank to prevent publication of the stolen data.
After the bank refuses to pay, the attacker begins leaking customer records publicly via social media and file-sharing.
Hacker Buba continues to advertise and sell the dataset via Twitter into late January.
A group called Bozkurt Hackers re-releases a 10 GB dump; InvestBank says it is the same data stolen the previous year, not a new breach.
Sources
- securityweek.comhttps://www.securityweek.com/investbank-says-leaked-data-old-breach/
- databreachtoday.comhttps://www.databreachtoday.com/investbank-uae-breached-a-9086
- hackread.comhttps://hackread.com/uae-investbank-qatar-national-bank-data-dark-web/
- bitdefender.comhttps://www.bitdefender.com/en-us/blog/hotforsecurity/hacker-demands-3-million-ransom-for-keeping-the-lid-on-stolen-uae-bank-customer-information