Dark Web News Analysis
The alleged database of Bioaquakala, a prominent Iranian e-commerce website specializing in cosmetics and skincare, is being sold on a hacker forum. The breach, which was allegedly performed by the threat actor @Spirigatito, reportedly contains 409,266 unique user records. The listing describes a highly sensitive dataset of Personally Identifiable Information (PII): full names, usernames, phone numbers, dates of birth (DOB), email addresses, postal codes and, most critically, National Codes and Financial Codes. The seller accepts payment only in cryptocurrency (BTC/ETH/XMR), the usual choice for a seller who wants to stay hard to trace.
Key Cybersecurity Insights
The exposure of National ID numbers alongside financial identifiers creates a “gold standard” dataset for identity fraud in the region:
- High-Risk PII Exposure: The inclusion of the Iranian National Code (Code Melli) is the most critical aspect of this breach. In Iran, the National Code is required for almost all government, legal, and banking services. Combined with the Financial Codes (likely Sheba/IBAN or account numbers) and phone numbers, attackers hold most of what they need to attempt banking fraud or fraudulent credit applications; unlike a password, a National Code cannot be rotated after exposure.
- Targeted Regional Threat: Given that Bioaquakala caters to the Iranian market, this breach specifically impacts local citizens. Threat actors specializing in the region can abuse the “Phone + National Code” combination to attempt SIM Swapping or to reset passwords on government e-services.
- E-commerce Vulnerability: Cosmetics e-commerce platforms are frequent targets because they store high volumes of recurring customer data. A record count above 400k is consistent with a full dump of the user table. The listing does not state the access vector, but an SQL injection flaw or a compromised administrative panel are the usual causes of a dump of this shape.
- Actor Profile: The attribution to @Spirigatito helps analysts track the TTPs (Tactics, Techniques, and Procedures) of the attacker. Tracking this actor’s history may reveal if they frequently target specific CMS platforms or regional industries.
Mitigation Strategies
To protect the user base and mitigate financial fraud, the following strategies are recommended:
- Compromised Credential Monitoring: Implement monitoring for compromised credentials associated with the leaked database. The listing quoted above does not mention passwords or password hashes, but if the dump includes them, password reuse means security teams should watch for these credentials being tested against banking portals and other e-commerce sites (credential stuffing), and should force a reset for affected accounts.
- Enhanced Authentication (MFA): Enforce Multi-Factor Authentication (MFA) across all user accounts. For an e-commerce platform holding financial data, SMS-based MFA is a minimum requirement, though app-based authenticators are preferred to mitigate SIM swapping risks.
- Phishing Awareness Training: Conduct phishing awareness campaigns for customers. Warn them specifically about SMS or emails claiming to be from the judiciary or banking sector referencing their “National Code,” a common social engineering tactic in Iran.
- Data Breach Simulation: Conduct tabletop exercises to simulate data breach scenarios. Evaluate the incident response team’s ability to detect large data exfiltration and their speed in notifying affected customers.
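The National Code carries a check digit, which gives defenders a cheap detection rule for the exfiltration scenario described under High-Risk PII Exposure and Data Breach Simulation: scan outbound exports, database responses or logs for 10-digit runs that pass the checksum, and alert when many distinct valid codes appear in one batch. The example below is added here and is not code from the original post or from Bioaquakala; it implements the publicly documented Code Melli check-digit scheme (weights 10 down to 2 over the first nine digits, modulo 11), and the sample export lines are constructed for the demonstration.

```python
"""
Added example (not from the original post): Code Melli check-digit validator
used as a lightweight data-loss-detection rule. The sample records below are
constructed, not real leak data.
"""
from __future__ import annotations

import re
from typing import Iterable

# A National Code is exactly ten ASCII digits with significant leading zeros.
# The lookarounds stop an 11-digit phone number from yielding a 10-digit hit.
_CODE_RE = re.compile(r"(?<!\d)\d{10}(?!\d)")


def is_valid_national_code(code: str) -> bool:
    """Return True if `code` is a structurally valid Iranian National Code.

    Check digit (publicly documented scheme):
      s = sum(d[i] * (10 - i) for i in 0..8)   # weights 10, 9, ..., 2
      r = s % 11
      check digit == r        if r < 2
      check digit == 11 - r   otherwise
    A code made of one repeated digit satisfies the arithmetic but is a
    placeholder, not an issued identifier, so it is rejected explicitly.
    """
    if not re.fullmatch(r"\d{10}", code):
        return False
    if len(set(code)) == 1:
        return False
    digits = [int(c) for c in code]
    s = sum(d * (10 - i) for i, d in enumerate(digits[:9]))
    r = s % 11
    expected = r if r < 2 else 11 - r
    return digits[9] == expected


def find_national_codes(text: str) -> list[str]:
    """Return every 10-digit run in `text` that passes the checksum."""
    return [m.group(0) for m in _CODE_RE.finditer(text)
            if is_valid_national_code(m.group(0))]


def scan_records(records: Iterable[str], threshold: int) -> dict:
    """Scan a batch of lines (an export, a log window) for National Codes.

    Returns the number of lines, the total matches, the number of distinct
    valid codes and whether that count reaches `threshold`. Counting distinct
    codes rather than raw matches keeps one user's repeated record from
    tripping the alert on its own.
    """
    seen: set[str] = set()
    matches = 0
    n = 0
    for line in records:
        n += 1
        found = find_national_codes(line)
        matches += len(found)
        seen.update(found)
    return {"records": n, "matches": matches, "distinct": len(seen),
            "alert": len(seen) >= threshold}


# Constructed CSV-style export; the phone numbers and codes are synthetic.
SAMPLE_EXPORT = [
    "user_id,username,phone,national_code,postal_code",
    "1,demo_a,09120000000,0012345679,1234567890",  # valid code; postal code fails checksum
    "2,demo_b,09130000000,0012345678,1234567890",  # wrong check digit
    "3,demo_c,09140000000,1111111111,1234567890",  # repeated-digit placeholder
    "4,demo_d,09150000000,0499370899,1234567890",  # valid code
    "5,demo_e,09160000000,0012345679,1234567890",  # duplicate of record 1
]

if __name__ == "__main__":
    print(scan_records(SAMPLE_EXPORT, threshold=2))
```

Roughly one in ten random 10-digit strings passes the check digit, and Iranian postal codes are also ten digits, so this rule produces false positives on its own; use it as a volume signal (many distinct valid codes leaving the network in one batch) combined with field names and destination, not as proof that a string is a real National Code.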
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com