Thousands, including 'MI6 spies', have bank details leaked

Thousands, including 'MI6 spies', have bank details leaked
A huge data leak, which appears to have originated from Qatar National Bank, may have left as many as a million customers vulnerable to online fraud.
4 min read
26 April, 2016
Credit card details of hundreds of thousands of customers were included in the leak [AFP]

A huge data leak may have left as many as a million Qatar residents vulnerable to online fraud, while seemingly "outing" several Al Jazeera staff, as well as others, as international spies.

The trove of spreadsheets and text files appears to have been sourced from Qatar National Bank and contains the banking and personal details of hundreds of thousands of people.

Even the royal family of the tiny gas-rich Gulf nation are thought to be at risk.

Credit card numbers, expiry dates and PIN codes, along with names and addresses belonging to more than 850,000 people are contained within the leak.

But it is a series of reports - stored as unencrypted plain text files - that will likely cause most official concern. They appear to show how some person, agency or institution has collected intelligence on the bank's customers.

A select 29 Al Jazeera employees - of more than 1,200 whose details are listed in the leak - have come in for special attention from the leak's authors.

They are listed by name, and their files contain not only their email addresses and phone numbers, but their bank website log-ins, passwords, reminder questions and answers. International bank transfers are also listed.

In some cases, Twitter handles are listed, and portrait photos stored with the target's details.

The data dump is extensive, and includes the details
of hundreds of thousands of the bank's customers [The New Arab]

Bond's bonds?

Three of the Al Jazeera staff whose details are selected have the word 'spy' appended to their names.

Among the folders categorising reports on banks, corporations, the ruling al-Thani family, police and defence organisations, is a folder marked "SPY, Intelligence".

Contained within are details of 12 account holders identified as working for espionage agencies, including two from France, one from the United States' Defence Intelligence Agency and one from Britain's MI6.

Ominously, several of these reports, including that of the alleged MI6 officer, contain not only banking details, but personal details - including the Facebook profiles of the subject's wife and children, and their photographs.

At least one subject has the name of their child's school noted. The motivation for storing such information is likely to be seen as deeply sinister to many.

At least one subject has the name of their child's school noted. The motivation for storing such information is likely to be seen as deeply sinister to many.

Credit card numbers of the state security bureau are also listed.

Sources have told The New Arab that the leak comes from old server data in 2011. The New Arab has been able to partly verify some of the information in the leak. We have as yet been unable to determine the total authenticity of the entire data dump.

QNB, meanwhile, has vehemently rejected reports that customers are at risk.

The leaked data has specific categories for
areas of particular focus to the author [The New Arab]

"It is QNB Group policy not to comment on reports circulated via social media," the bank said in an online statement.

"QNB would like to take this opportunity to assure all concerned that there is no financial impact on our clients or the bank. QNB Group places the highest priority on data security and deploying the strongest measures possible to ensure the integrity of our customers' information. QNB is further investigating this matter in coordination with all concerned parties."

It remains highly unlikely that a bank would be interested in collating all of this information, and would certainly be more than unlikely to store it such a way - keeping passwords and PINs in plain text files is probably the most accessible, least secure way to store any data, not least such sensitive information.

The question remains as to who, then, collected this information and stored it in this format, and why? Who subsequently leaked the information, and what would they stand to gain?

What is clear is that this huge leak runs deeper than some Al Jazeera staffers and a few senior officials.

People working in every industry in Qatar are likely to be affected, and as the analysis and investigation deepens, further questions will be asked - of banking security, of international espionage and of the chances of privacy at a time when the walls of the most secure of information fortresses, be they in Panama or the Pentagon, appear to be crumbling.

Follow James Brownsell on Twitter: @JamesBrownsell