[DISABLED] Verifier for April 2016 alleged QNB hack

I have disabled this service. This page is kept for historical purposes. More details on a blogpost dated May 23th, 2016 »

On April 2016 a group of hackers released a file allegedly containing information about QNB customers [Doha News]. Inside that file, there is a table containing a list of a few hundred thousand supposed QNB customers, of which around 60K listed a primary e-mail address and about 360K a Qatar ID (QID).

I set-up a service that ran from April 27th to May 2nd for people to verify if their e-mail or QID was in the leaked files. On May 2nd my hosting provider forced me to remove the service on the basis of a bogus "phishing" complaint they did not investigate further.


Apr 27th: version 1.0 is based on a list of about 60K e-mails found in the archive (534MB zip file downloaded on April 27th, 2016), inside the QNB_CUSTOMER_MASTER.csv file in the primary_email field.

Apr 27th (afternoon): version 2.0 based on a list of about 368K Qatar IDs found in the same file in the national_id field.

Apr 29th: version 2.1 added 12K extra e-mail address found in the Backup IVR CUSTOMER.csv file and improved site for mobile access.

Apr 30th: a legal representative of QNB in Spain contacts me to ask me to disable this service, because according to them it can be used to capture e-mail addresses and account numbers. I explain that I built it specifically to prevent that (see "Privacy information"). The site is also being flooded with requests from several IP addresses in unsuccessful attempts to bring the service down.

May 1st: internet providers in Qatar are blocking this service. I set up an alternate address. Attacks continue intermittently, without success.

May 2nd: the same legal representative of QNB in Spain threatens me with a legal action concerning "the spreading of the public damage and defamation." They ask again to disable the service, and ask me to remove the mention to the place where I found the archive. I comply with the latter.

May 2nd (afternoon): my hosting provider disables my entire site on the basis of a bogus "phishing" complaint they did not investigate further. I am forced to disable this service to re-enable my site.

May 23rd: I publish a blogpost detailing these events and my experience.

I did not host the leaked archive, nor the leaked files, nor the list of e-mails or QIDs in plain text. Instead, I used the non-invertible hashing function MD5 of them.

Privacy information (while service was running)

By using this form a converted ("hashed") version of your input is transmitted, which can be observed by your ISP, by anyone in the middle, and by my hosting provider. Your data is not transmitted in plain text. I cannot see the e-mail or QID you enter: they are hashed in your browser. I do not keep information about who visits this page or what information they enter.

Who wrote this tool?

Carlos Castillo, computer scientist specialized on Big Crisis Data.