Dark Web News Analysis
Cybersecurity intelligence from February 23, 2026, has identified a high-priority data dump on a major hacker forum involving MTN Irancell (irancell.ir). The leak, appearing shortly after the end of a nationwide internet blackout in January 2026, reportedly exposes nearly 60% of the operator’s active subscriber base.
The threat actor is advertising a massive database in Microsoft Access (MDB) format—a legacy file type that suggests the data may have been exfiltrated from an older backend system or an inadequately secured backup server. The exfiltrated information is exceptionally sensitive and includes:
- Government Identifiers: Full names, surnames, and National ID (Melli Code) numbers.
- Personally Identifiable Information (PII): Mobile phone numbers and precise residential home addresses.
- Fixed-Line Data: Associated landline home numbers, which are often used for identity verification in banking and utility services.
Key Cybersecurity Insights
The breach of a primary telecommunications provider represents a “Tier 1” threat due to the scale of the exposure and the volatile geopolitical context:
- Weaponized Social Engineering: The combination of National IDs and phone numbers allows scammers to launch hyper-convincing “Official” lures. Customers are significantly more likely to trust a notification regarding “SIM card registration updates” or “tax adjustments” if the message correctly cites their precise national identifiers.
- Systemic Identity Theft: The National ID (Melli Code) is the foundation of digital identity in Iran. Its exposure, alongside residential addresses, provides a “master key” for identity cloning, allowing malicious actors to attempt unauthorized access to government portals, social insurance systems, and financial platforms.
- Surveillance and Doxing Risks: In the context of recent internal unrest, the leak of home addresses for 40 million citizens poses a catastrophic privacy and physical safety risk. This data can be used for doxing, harassment, or targeted tracking of specific individuals by non-state actors or malicious groups.
- Infrastructure Fragility: The use of the MDB format for such a vast dataset highlights a potential “Technical Debt” crisis. It suggests that while the front-end of Iran’s digital infrastructure is modernizing, the core subscriber databases may still rely on legacy systems that lack modern encryption and access controls.
Mitigation Strategies
To protect your digital identity and ensure organizational resilience following this exposure, the following strategies are urgently recommended:
- Immediate “Out-of-Band” Verification: If you are an Irancell subscriber and receive a call or SMS regarding your “National ID” or “Registration Status,” hang up immediately. Verify the information by visiting an official Irancell service center in person or using the MyIrancell app through a secure, non-public Wi-Fi connection.
- Update Financial & Portal Security: Since your National ID and address are now potentially public, never use them as security answers for any online service. Switch to app-based MFA for your banking and messaging apps to prevent SIM-swap attacks.
- Monitor SIM Card Activity: Regularly check for unauthorized SIM cards registered under your name. In Iran, you can use the official government “CRA” portal to verify how many SIMs are linked to your National ID. If you find unknown numbers, report them and have them deactivated immediately.
- Enhanced Log Monitoring for Enterprises: Organizations that use Irancell lines for business communications should immediately activate enhanced monitoring for anomalous network activity or unauthorized SIM-swap attempts targeting executive or administrative numbers.
Secure Your Future with Brinztech — Global Cybersecurity Solutions
From telecommunications giants and state-owned enterprises to SMEs, Brinztech provides the strategic oversight necessary to defend against evolving digital threats. We offer expert consultancy to audit your current IT policies and GRC frameworks, identifying critical vulnerabilities in your legacy database environments before they can be exploited. Whether you are protecting a national subscriber network or a private corporate gateway, we ensure your security posture translates into lasting technical resilience—keeping your digital footprint secure, your customers’ data private, and your future protected.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com