Iran Hack Exposes 3 Million Accounts

Bank Attack Reflects Global Hacktivist Trend, Expert Says
Iran Hack Exposes 3 Million Accounts

A hacker's posting of 3 million debit account numbers and PINs stolen from banks in Iran is the latest example of the worldwide growth in hacktivism.

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

U.S. security analyst Avivah Litan of the consulting firm Gartner expects more attacks like the one against Iran's banking system by the hacker known as Khosrow Zarefarid.

"Cyberattacks that are instigated by political motivations, launched by hostile nation states and parties, or by actors hostile to particular national states, will become more commonplace," she says, because more hackers will try to draw attention to their favorite causes.

Details of Hacking Incident

Zarefarid reportedly became frustrated when the Shetab payment network ignored his plea to repair security gaps and bugs he discovered in the network more than a year ago, when he worked as a manager at Eniac Tech, which operates the network. He sent a report about the security flaws to the heads of all of Iran's major banks, according to Kabir News. When no banks replied, he decided to take action and stole the account numbers and posted them.

Zarefarid published all the details he had stolen, including card numbers and PINs, on his blog: As of late afternoon Eastern Time on April 18, the card numbers still appeared on the blog, beginning on page four.

So far, Iranian banks have responded by advising cardholders to change their passwords. The Central Bank also issued a statement, apologizing for the incident.

About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.