The logo of Pakbugs, the hacker collective Xploiter is associated with.
With over 40 percent of the nationwide market share, Habib Bank (HBL) is sitting pretty in Pakistan. But perhaps that dominance lulled it into a false sense of security, because some of the banks online systems were apparently hacked in just 17 minutes by a Pakistani hacker named Xploiter.
According to a report on the Hackers Post, Xploiter used an SQL vulnerability to access 14 databases associated with the bank’s website, and while he or she didn’t get access to any customer data, Xploiter did get access to a number of accounts associated with HBL employees, and posted their login credentials (including plaintext passwords) and email accounts.
While it all seems to be fairly harmless compared to what you might think when you hear “bank hacked”, the Hackers Post and Propakistani both point out that it’s fairly pathetic for a modern bank to be storing any passwords in plain text, and I have to agree. Since it doesn’t seem any customer information was put at risk during this hack, hopefully it will just serve as a wake-up call to HBL and to other banks in the region about how easily lax security can be exploited in the digital age.