Hacker Exposes Three Million Iranian Bank Account Details

Bank customers in Iran have been told to change their credit and debit card passwords after three million account details were compromised in a hack.

The Persian Fars News Agency has reported that a “computer specialist”, formerly employed by a PSP (payment service provider), was responsible for the data breach.

System flaw

Khosrow Zare Farid, identified by Kabir News, used to be a manager at the Eniak company, helping to provide electronic payments services to several national banks.

“Around one year ago I found a critical bug in the system,” said Zare Farid, according to Kabir News.  “Then I wrote and sent a formal report to all the CEO of banks in Iran but none of them replied to me.”

Following this initial lack of response from the banks, he sent them 1,000 account details to highlight the lack of protection afforded to customers, though this too failed to arouse concern.

Eventually, Zare Farid chose to publish three million card details obtained from more than 20 Iranian banks on his blog, finally provoking a reaction from the banks.

Saderat, Eghtesad Novin and Saman, three of the breached banks, sent a text message to customers over the weekend, asking them to update bank card passwords. The Central Bank of Iran (CBI) also issued a warning, but added that fraud seemed unlikely considering the details leaked in the breach.

“It is possible that certain individuals have some information… but they cannot use this information until the bank cards are not in their possession,” said Nasser Hakimi, a CBI official, speaking to the Persian service of IRNA.

Is your bank account safe? Try our Internet security quiz