Dark Web News Analysis
A threat actor utilizing the alias “Machinegun-” has claimed responsibility for leaking a database belonging to Hyper Me, a prominent chain of hypermarket stores in Iran. The dataset is available for download on a monitored hacker forum and reportedly contains customer loyalty or transaction records.
Brinztech Analysis:
- The Target: Hyper Me is a major retail player in Iran. Retail databases are valuable for their high volume of active consumer phone numbers and spending habits.
- The Data: The leak is described as containing specific fields likely related to a Loyalty Program or CRM:
  - Identity: fName (First Name), lName (Last Name).
  - Contact: Mobile (Phone Number).
  - Loyalty/Financial: PCode (Person Code/National ID), Point (Loyalty Points balance), Cardno (Likely a Loyalty Card Number or partial payment card), StoreCode.
  - Metadata: DateFrom, DateTo (Membership validity or transaction windows).
- The Threat Actor: “Machinegun-” has indicated that further data dumps may follow, suggesting they still have access to the system or are slowly releasing a massive dataset to gain reputation.
Key Cybersecurity Insights
This alleged data breach presents specific risks to Iranian consumers and the retail sector:
- Loyalty Point Fraud: The exposure of Point balances and Cardno allows attackers to target users with high point balances. In many Iranian retail apps, points can be converted to cash discounts. Attackers might clone loyalty cards or access accounts to drain these points.
- SMS Spam & Smishing: With valid Mobile numbers and names, users will face a surge in SMS spam (a common issue in Iran).
  - Scenario: A user receives an SMS: “Hi [fName], you have [Point] points expiring soon at Hyper Me. Click here to redeem.” The accuracy of the point balance makes the phishing link highly clickable.
- National ID (Code Melli) Risk: If PCode refers to the Iranian National ID, this elevates the breach to an identity theft risk, as this ID is used for almost all government and banking services in Iran.
- Regional Context: Cyberattacks on Iranian infrastructure are frequent. Retailers often have weaker cybersecurity postures compared to state-owned banks, making them softer targets for “hacktivist” groups or data brokers.
Mitigation Strategies
In response to this claim, Hyper Me and its customers must act immediately:
- Loyalty Account Freeze: Hyper Me should temporarily freeze point redemptions or require OTP verification (sent to the registered mobile) for any point usage to stop theft.
- Customer Notification: Inform customers via SMS (from the official number only) that a breach occurred. Warn them specifically about fake “Point Expiry” messages.
- Password Reset: If the loyalty program has a web/app portal, force a password reset for all users.
- Monitor “Machinegun-”: Security teams should monitor the actor’s activity to see if they release the promised “further dumps,” which might include more sensitive payment data.
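An added example, not Hyper Me’s or Brinztech’s code, of the first mitigation above in Python: point redemptions are gated behind a one-time code sent to the mobile on file, with a global freeze switch for use while the claim is assessed. The account record, card number and mobile number are constructed samples whose field names follow the leaked columns.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120      # a code expires two minutes after issue
MAX_OTP_ATTEMPTS = 3       # wrong guesses before the pending redemption is voided

# Constructed sample record using the leaked column names (not real customer data).
SAMPLE_ACCOUNTS = {
    "C001": {"fName": "Sample", "Mobile": "+98-900-000-0001", "Point": 500},
}


class LoyaltyRedemptionGuard:
    """Gate point redemptions behind an OTP to the registered mobile, plus a freeze switch."""

    def __init__(self, accounts, redemptions_frozen=False, now=time.time):
        self.accounts = accounts                # Cardno -> account record
        self.redemptions_frozen = redemptions_frozen
        self.now = now                          # injectable clock (for tests)
        self._pending = {}                      # Cardno -> pending redemption

    def request_redemption(self, cardno, points):
        """Start a redemption; returns (mobile, otp) for the SMS gateway only."""
        if self.redemptions_frozen:
            raise PermissionError("point redemptions are temporarily frozen")
        acct = self.accounts[cardno]
        if points <= 0 or points > acct["Point"]:
            raise ValueError("requested points exceed the available balance")
        otp = f"{secrets.randbelow(10 ** 6):06d}"
        self._pending[cardno] = {"otp": otp, "points": points, "attempts": 0,
                                 "expires": self.now() + OTP_TTL_SECONDS}
        return acct["Mobile"], otp

    def confirm_redemption(self, cardno, otp):
        """Deduct points only if a live, unexpired, single-use code matches."""
        pending = self._pending.get(cardno)
        if pending is None or self.now() > pending["expires"]:
            self._pending.pop(cardno, None)     # expired codes are discarded
            return False
        pending["attempts"] += 1
        if not hmac.compare_digest(otp.encode(), pending["otp"].encode()):
            if pending["attempts"] >= MAX_OTP_ATTEMPTS:
                del self._pending[cardno]       # void after too many guesses
            return False
        del self._pending[cardno]               # consume the code: no replay
        self.accounts[cardno]["Point"] -= pending["points"]
        return True
```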