HBL- Habib Bank Limited Hacked by Xploiter From PakBugs

A famous Pakistani hacker by the code name of Xploiter has hacked the biggest Pakistani bank, Habib Bank Limited - HBL. The hacker leaked the database of the website and posted the database credentials online.

14 databases belonging to the HBL bank posted online by the hacker with database names and tables. Error based SQL Injection was found by the hacker on the website with vulnerable file search_results_carbranch.php. The hacker exploited the vulnerability with mysql Union Query method and accessed the databases of the website, according to the leaked document.

This is not the first time Xploiter hacked the banking System, before Soneri Bank was hacked by the same hacker.

A list of login credentials also posted in the document, containing username, plain password and emails. Its really pathetic that Bank stored the passwords in the plain text which shows HBL security level. HBL really needs to take a look at its security to protect it from these kind of attacks.

Attacked Site:

The hacker mocked at the HBL website security by saying it took 17 minutes to get into HBL system. Complete note can be found below.

A note left by the hacker on the leaked document:
You must have listen about us in news , blogs , headlines , gov charges etc. etc. What I See, Same Like Soneri Bank , HBL is in Untelanted Hands ! Just 17 minutes and We are Inside HBL’s Database lol. Your are just hiring noobs with Degree