Article Lead Image

After asking UAE bank for $3 million ransom, hacker dumps tens of thousands of customers’ transactions history online

He calls himself Hacker Buba, and he's shared tens of thousands of customers' complete financial information.


Kevin Collier


Posted on Dec 2, 2015   Updated on May 27, 2021, 1:50 pm CDT

Just over week after a hacker breached a United Arab Emirates Bank, demanding a ransom to stop tweeting customers’ information, he appears to have dumped tens of thousands of customer files online.

As captured in archived tweets on since-deleted accounts, a user identifying himself as “Hacker Buba” tweeted information, mostly of corporate accounts, that was reportedly stolen from Invest Bank. He told Mazhar Farooqui, editor of the Dubai-based XPress newspaper, that he had an audacious scheme: if he wasn’t paid $3 million in Bitcoin, he’d keep leaking that information. One bank executive confirmed the hack to Farooqui, adding that, “This is blackmail.”

Multiple employees at the bank—which is unmentioned in the XPress report, but repeatedly referred to by Hacker Buba as the 40-year-old, Sharjah-based Invest Bank—didn’t respond to the Daily Dot’s request for comment. Neither did the two government agencies that the banking official said he’d referred the case to. But it appears that the bank didn’t actually pony up the full ransom, because someone claiming to be Hacker Buba has posted customer databases online.

The means by which that information was posted is striking. Hacker Buba initially tweeted from accounts like @investbank_2, though those were quickly deleted. But late Tuesday night and then again on Wednesday, approximately 50 seemingly unrelated Twitter accounts began tweeting the same message, which included both the name Invest Bank and a link to a site, signed Hacker Buba, that had six zip files purporting to obtain that vast bank information.


The way that information was stored is even more bizarre. It sat—and still does, as of this writing—on the website of an eastern European basketball team, apparently also hacked by Buba and used as a temporary storage space. The administrators of that website also didn’t respond to request for comment.

The actual data appears to be real. And it’s vast. One database analyzed by the Daily Dot includes the sensitive information of around 40,000 customers, including their full names, credit card numbers, and birthdays. One account contained 4,7174,962.38 dirham, or $12,844,589.77. Those accounts’ total earnings add up to $110,736,002.

Other databases show information for other customers, and include detailed transaction histories.

We’ll update if we receive comment from Invest Bank or Hacker Buba.

Update 11:01am CT, Dec. 5: In an email to the Daily Dot, Invest Bank Assistant Manager for General Operations Qasim Kazmi said that paying Hacker Buba’s ransom was out of the question: “No we have not paid nor do we intend to or negotiate with blackmailers.”

The hacked site where Buba had stored the files apparently regained some control, and now is visible only to users with login credentials. 

Additional reporting by William Turton. Illustration via Jason Reed.

Share this article
*First Published: Dec 2, 2015, 12:00 pm CST