Dark Web News Analysis
Dark web monitoring has surfaced a severe potential data breach involving Bank Sepah, one of Iran’s oldest and largest financial institutions. A threat actor is currently offering a database for sale on a hacker forum that allegedly contains highly sensitive customer and financial records. The compromised dataset is extensive, reportedly including National Codes (Code Melli), full names, dates of birth, phone numbers, and physical addresses. Even more critically, the leak includes deep financial data such as account numbers, account types, current balances, and detailed transaction histories.
Key Cybersecurity Insights
Breaches involving combined PII and transaction logs are the “gold standard” for financial criminals, enabling sophisticated fraud vectors:
- The “Code Melli” Risk: In Iran, the National Code serves as the primary identifier for all government and banking services. Unlike a US SSN, which is kept private, the National Code is often used as a username; when it is combined with the Date of Birth and Phone Number found in this leak, attackers can answer the identity verification questions used by phone banking or government portals.
- Transaction History Exploitation: Possession of Transaction Details and Balances allows for “Perfect Context” phishing. Scammers can call a victim and say, “We see a transaction of 5,000,000 Rials at [Store Name] yesterday. We need to verify this.” Because the scammer knows the exact amount and merchant, the victim trusts them immediately, leading to OTP theft.
- Targeted Extortion: High-net-worth individuals can be identified via the Account Balance field. Criminals can target these specific users for physical extortion, kidnapping, or advanced digital theft, knowing exactly how much liquidity is available in the account.
- SIM Swapping: The combination of mobile numbers and full identity documents (National Code/DOB) significantly increases the risk of SIM Swapping. If attackers gain control of the victim’s phone number, they can intercept SMS 2FA codes to drain the exposed bank accounts.
Mitigation Strategies
To mitigate the immediate risks of financial loss and identity theft, the following strategies are recommended:
- Transaction Monitoring: Bank Sepah must implement aggressive heuristic monitoring. Flag any high-value transfers initiated from new devices or IP addresses. Look for “drainer” patterns where accounts are emptied rapidly.
- Mandatory Password/PIN Reset: Force a reset of all mobile banking passwords and card PINs.
- Customer Awareness: Issue an urgent warning via SMS and official channels: “Bank Sepah will NEVER call you to ask for your password or OTP. Do not trust callers even if they know your recent transaction history.”
- Leak Verification: Purchase or acquire a sample of the data to verify its timestamp. Determine if this is a live extraction (indicating a current backdoor) or a historical dump.
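The two transaction-monitoring heuristics above (high-value transfers from an unseen device or IP, and rapid “drainer” emptying of an account) as an added worked example; this is illustration code, not Bank Sepah’s or Brinztech’s, and the transaction records, device history, field names and thresholds are all constructed assumptions.

```python
# Added example (not Bank Sepah's or Brinztech's code): the two heuristics from the
# mitigation list. Records, device history, field names and thresholds are constructed.
from collections import defaultdict
from datetime import datetime, timedelta

HIGH_VALUE = 50_000_000            # Rials; assumed "high-value" threshold
DRAIN_WINDOW = timedelta(hours=1)  # assumed window for the rapid-drain check
DRAIN_FRACTION = 0.8               # assumed: >=80% of opening balance out within the window

# Constructed: (device, ip) pairs each account has used before the breach
KNOWN_DEVICES = {
    "ACC-1001": {("dev-a1", "5.100.1.10")},
    "ACC-2002": {("dev-b7", "5.100.2.20")},
}
# Constructed outgoing transfers; balance_before = balance just before the transfer
TRANSACTIONS = [
    {"acct": "ACC-1001", "ts": "2024-06-01T09:00:00", "amount": 2_000_000,
     "device": "dev-a1", "ip": "5.100.1.10", "balance_before": 120_000_000},
    {"acct": "ACC-1001", "ts": "2024-06-01T09:05:00", "amount": 60_000_000,
     "device": "dev-zz", "ip": "91.200.3.4", "balance_before": 118_000_000},
    {"acct": "ACC-1001", "ts": "2024-06-01T09:20:00", "amount": 50_000_000,
     "device": "dev-zz", "ip": "91.200.3.4", "balance_before": 58_000_000},
    {"acct": "ACC-2002", "ts": "2024-06-01T10:00:00", "amount": 70_000_000,
     "device": "dev-b7", "ip": "5.100.2.20", "balance_before": 500_000_000},
]

def flag_transactions(txns, known_devices):
    """Return (account, rule, detail) alerts for the two heuristics."""
    alerts = []
    by_acct = defaultdict(list)
    for t in sorted(txns, key=lambda t: t["ts"]):
        # Rule 1: high-value transfer from a device/IP pair never seen on this account
        known = known_devices.get(t["acct"], set())
        if t["amount"] >= HIGH_VALUE and (t["device"], t["ip"]) not in known:
            alerts.append((t["acct"], "high_value_new_device", f'{t["device"]}@{t["ip"]}'))
        by_acct[t["acct"]].append(t)
    # Rule 2: "drainer" pattern -- most of the opening balance leaves within DRAIN_WINDOW
    for acct, rows in by_acct.items():
        for i, first in enumerate(rows):
            start = datetime.fromisoformat(first["ts"])
            window = [r for r in rows[i:] if datetime.fromisoformat(r["ts"]) - start <= DRAIN_WINDOW]
            out = sum(r["amount"] for r in window)
            if out >= DRAIN_FRACTION * first["balance_before"]:
                alerts.append((acct, "rapid_drain", f"{out} of {first['balance_before']} in window"))
                break  # one drain alert per account is enough
    return alerts
```

On the constructed data only ACC-1001 fires: twice for the unseen device and once for the drain pattern, while the known-device transfer on ACC-2002 stays silent despite its size.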
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com