Dark Web News Analysis
A threat actor on a known cybercrime forum is claiming to sell a massive 16GB database that they allege contains the user information from three of Iran’s largest banks: Melli, Saderat, and Mellat. According to the seller’s post, the database is a comprehensive collection of highly sensitive Personally Identifiable Information (PII), purportedly including full names, national identification codes (code_melli), birthdates, mobile numbers, bank card numbers, and physical addresses. The seller is soliciting offers for the data via Telegram.
This claim, if true, represents a national financial security crisis for Iran. A simultaneous data breach of three of a country’s pillar banks is a systemic event that could severely undermine public trust in the entire Iranian banking sector. The data, if legitimate, provides a complete “identity kit” for a massive number of citizens, enabling criminals to perpetrate large-scale identity theft and direct financial fraud. The scope of the alleged breach suggests a potential compromise of a critical, shared third-party vendor.
Key Cybersecurity Insights
This alleged data breach presents a critical and systemic financial threat:
- A Catastrophic Threat to the Iranian Financial System: A data breach impacting a combined 16GB of records from three of a country’s largest banks is a systemic crisis. It has the potential to trigger widespread financial fraud and severely erode public confidence in the national banking system.
- A “Full Identity Kit” for a Massive Population: The alleged inclusion of the Iranian national ID code (code_melli), combined with a user’s full PII and bank card number, is a worst-case scenario. This is a complete toolkit for criminals to commit severe, long-term identity theft and financial fraud.
- Potential for a Major Shared Supply Chain Breach: The fact that data from three major, competing banks is allegedly being sold by the same actor is a major red flag. It strongly suggests the breach may not have occurred at the banks themselves but at a critical, shared third-party vendor they all use, such as a major data processor or a core banking software provider.
Mitigation Strategies
In response to a threat of this magnitude, the Iranian government, its banks, and citizens must take immediate action:
- Launch an Immediate National-Level Investigation: The Iranian government, through its central bank and national cybersecurity authorities, must immediately launch a top-priority, multi-agency investigation to verify this extraordinarily severe claim.
- Issue a Nationwide Alert and Enhance Fraud Monitoring: All Iranian financial institutions, not just the three named, must be placed on the highest possible alert. They need to enhance their real-time fraud detection systems to look for any suspicious activity. A widespread public alert should be issued to warn all citizens about the high risk of sophisticated scams.
- Mandate Proactive Security Hardening: The named banks must prepare a clear communication plan to inform their customers about the potential breach. They should enforce password resets for all online banking services and mandate the use of the strongest form of Multi-Factor Authentication (MFA) available.
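The fraud-monitoring step above is stated only at the policy level. As an added illustration that is not Brinztech's code and not taken from any bank's systems, the hypothetical rule engine below runs three simple post-breach detections over constructed transaction events: a velocity check (too many transactions on one account inside a short window), a new-device plus high-value transfer check, and elevated scrutiny for card use on accounts a bank has placed on a watchlist because their card numbers are believed to appear in a claimed dump. The account names, device ids, amounts and thresholds are all constructed sample values.

```python
"""Hypothetical post-breach fraud-monitoring rules (added example, not Brinztech's code)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Txn:
    ts: datetime
    account: str
    amount: float        # constructed amounts in arbitrary currency units
    device_id: str
    channel: str         # "card", "online" or "transfer"


BASE = datetime(2025, 1, 1, 9, 0)

# Constructed sample events, not real transaction data.
SAMPLE_EVENTS = [
    Txn(BASE, "acct-1001", 200_000, "dev-A", "online"),
    Txn(BASE + timedelta(minutes=2), "acct-1001", 300_000, "dev-A", "online"),
    Txn(BASE + timedelta(minutes=5), "acct-1001", 100_000, "dev-A", "card"),
    Txn(BASE, "acct-2002", 1_000_000, "dev-B", "online"),
    Txn(BASE + timedelta(minutes=30), "acct-2002", 80_000_000, "dev-C", "transfer"),
    Txn(BASE, "acct-3003", 500_000, "dev-D", "online"),
]

# Placeholder: accounts whose card numbers the bank believes are in the claimed dump.
WATCHLIST = {"acct-1001"}


def _flag(alerts, account, reason):
    """Record a reason once per account, creating the entry only when needed."""
    reasons = alerts.setdefault(account, [])
    if reason not in reasons:
        reasons.append(reason)


def score_events(events, watchlist, velocity_window=timedelta(minutes=10),
                 velocity_limit=3, high_value=50_000_000):
    """Return {account: [alert reasons]} for accounts that tripped at least one rule."""
    alerts = {}
    known_devices = defaultdict(set)   # devices previously seen per account
    history = defaultdict(list)        # transactions processed so far per account

    for e in sorted(events, key=lambda t: t.ts):
        history[e.account].append(e)

        # Rule 1: velocity, N or more transactions inside the window ending at this event.
        recent = [x for x in history[e.account] if e.ts - x.ts <= velocity_window]
        if len(recent) >= velocity_limit:
            _flag(alerts, e.account, "velocity")

        # Rule 2: a never-seen device moving a high-value amount on an account with history.
        if e.device_id not in known_devices[e.account]:
            if known_devices[e.account] and e.amount >= high_value:
                _flag(alerts, e.account, "new_device_high_value")
            known_devices[e.account].add(e.device_id)

        # Rule 3: card-present use on an account whose card is believed to be exposed.
        if e.account in watchlist and e.channel == "card":
            _flag(alerts, e.account, "watchlist_card_use")

    return alerts


if __name__ == "__main__":
    for account, reasons in score_events(SAMPLE_EVENTS, WATCHLIST).items():
        print(account, reasons)
```

In practice the thresholds would be tuned per customer segment and the watchlist would be populated from the bank's own verification of the claimed data, but the structure is the same: the alleged exposure changes which events deserve a second look, and the rules are what turn that knowledge into alerts an analyst can act on.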
Secure Your Organization with Brinztech
As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com