Threat Management, Threat Intelligence, Threat Management

Israeli hacker breaches systems of Iranian ISP

An Israeli hacker has breached the website of Iranian Internet Service Provider (ISP) Daba and is claiming to have leaked the details of 52,000 registered users.

Daba provides dial-up, ADSL communication, VOIP services and internet cards to users in Iran.

The hacker named Zurael_sTz took to his Twitter account to share three files containing leaked data acquired from the Daba domain (

Blog Hackread contacted the Israeli data mining company Hacked-DB which has conducted an in-depth analysis on what they found in the actual database.

The hacker is claiming to have leaked 52,000 user credentials, but upon scanning the leaked files, no such number was found. It is possible the rest of the data will surface in future.

The data breach exposed 342 email accounts, along with 2960 usernames with detailed sensitive data such as hashed passwords, bank account numbers, email addresses, telephone and mobile numbers. These details were found to be valid and linked to the website.

The leak also exposes the administrator account including the username, password (MD5), email address and name.

The leak follows the exposure of personal details of thousands of Telegram users in Iran last month. The leak contained full names, phone numbers and personal addresses of registered Telegram users.

Lee Munson, security researcher for, told “There are many things an organisation, such as the reportedly hacked Iranian ISP Daba, could do to protect itself from being breached, including the implementation of robust technical security controls, applicable policies and procedures and strong security and awareness training for all personnel.

“Users on the wrong end of a breach should change their affected passwords immediately and then change their login credentials everywhere else where they may have reused the same password, remembering to use different credentials for every account thereafter. In terms of protecting data, post-breach is too late, so consumers need to think carefully about what they share and with whom long before they hand their sensitive data over.”

Mike Patterson, CEO of Plixer, told SC: “Leaked login credentials and passwords have become commonplace.  For this reason, always use a different password for each site you have an account for. If the site is for completing financial transactions such as banking online, make sure they use two-factor authentication to an external source such as your mobile phone.”

Alex Mathews, technical manager, EMEA at Positive Technologies, told SC: “Enterprises should use web application firewalls to protect their web portals as well as regularly conduct audits of perimeter vulnerabilities – both with the help of vulnerability scanners and with penetration testing.”

And Mathews offered some advice to users on protecting their digital identity: “Passwords to the portal shall be changed, 2FA shall be on to make it harder to use credentials even if they were leaked. If people used these passwords again somewhere – change them, too.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.