Research Updates — Prof Riley / Security

Incident 1: Qatar National Bank data leak (April 2016)

What did attackers break into?
Bank servers and customer datasets. About 1.4 GB of internal files and records were posted online; later tallies suggested more than 100,000 affected accounts. [1][2]

How did the attackers break into it?
Analysts who reviewed leaked logs reported SQL injection against a public-facing application (automated with sqlmap); the bank did not publicly confirm the exact vector.

Who was impacted?
Retail and VIP customers. Media reports said files included data tied to journalists, members of the Al Thani family, and officials. [1][2]

How was it investigated?
QNB said it had engaged an external forensics firm and reported no financial impact on customers. Coverage noted an internal review while outside researchers analyzed the dump. [2]

Incident 2: Qatar News Agency (QNA) hack (May 2017)

What did attackers break into?
The QNA website and social accounts. Attackers posted fabricated remarks attributed to the Emir. [3]

How did the attackers break into it?
Qatar’s Interior Ministry said the operation exploited a software bug on the QNA site; a malicious file planted in April was used on May 24 to publish the fake story. [3]

Who was impacted?
QNA and the wider public. The false remarks helped trigger a regional crisis, with several states cutting ties with Qatar on June 5, 2017. [3]

How was it investigated?
Qatar requested help from U.S. investigators, including the FBI. Later reporting, citing U.S. intelligence officials, attributed the operation to the UAE, which denied involvement. [4]

References

  1. Financial Times (Apr 2016): Qatar National Bank data leak
  2. Al Jazeera (Apr 26, 2016): QNB investigates reports of a massive data leak
  3. Reuters (June 2017): Investigation finds state news agency hacked
  4. Washington Post (July 2017): Report on alleged UAE involvement (denied by UAE)