Major hack impacts Iranian firms

Security Affairs reports that numerous major organizations across Iran were claimed to have been hacked by the threat actor dubbed "irleaks" last month. More than 160 million records said to be exfiltrated from 23 insurance firms across the country have been peddled by irleaks since Dec. 20, with the hacker touting the stolen data to include individuals' names, birthdates, mobile numbers, national codes, and other data, according to a report from Hudson Rock, which has validated the legitimacy of the data sample shared by the attacker. Major Iranian delivery platform SnappFood was also claimed to be compromised on Dec. 30, with irleaks noting the theft of 3TB of data, including 20 million users' emails, phone numbers, and passwords, as well as 51 million user addresses and 600,000 credit card details. Despite uncertainties regarding the origin of the SnappFood attack, the platform may have had its credentials exposed following a StealC information-stealing malware attack against an employee computer that may have been conducted by a nation-state actor.