InfoSecBulletin Cybersecurity for mankind
Hudson Researchers reported that on December 20th, ‘irleaks’ claimed to have 160 million records from 23 top insurance companies in Iran for sale.
The hacker says they have stolen data like names, birth dates, phone numbers, national codes, and more. They have shared a sample of the data and want $60,000 for it.
First couple “Rosie” to conceive using AI tech “STAR” successfully
Scattered Spider Actively Attacking Aviation and Transportation: FBI
Russia’s restrictions on Cloudflare making websites inaccessible
61 million Verizon records allegedly posted online for sale
Cyber Expert ‘Rene Joshilda’ Arrested for Bomb Hoaxes
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access
CISA Warns of FortiOS Hard-Coded Credentials Vulns
5 vendors’ printer totaling 748 models affected: Rapid7
Citrix Released Emergency Patches for Actively Exploited CVE-2025-6543
SonicWall warns of a trojanized NetExtender stealing VPN logins
The data contains personal information like names, phone numbers, ID numbers, addresses, passport numbers, and other sensitive details.
Researchers from Hudson Rock confirm that the data seems to be authentic and mention that carrying out an attack on this scale against numerous insurance companies is extremely challenging.
However, the breach wasn’t sufficient for “irleaks”. On December 30th, the threat actor posted another message claiming to have hacked SnappFood, Iran’s biggest online food ordering company.
The data that was apparently exfiltrated from the company amounts to a staggering 3 Terabytes, and includes incredibly sensitive details such as:
*20,000,000 users data (emails, passwords, phone numbers)
* 51,000,000 user addresses
* 600,000 credit cards data
* 180,000,000 device related information
SnappFood noticed the breach and quickly stated that they are investigating the attack.
It is worth noting that although the origin of the breach is unknown, Hudson Rock researchers identified a recently compromised employee of SnappFood who had their computer infected with a StealC infostealer.
The infection of this employee’s computer resulted in many sensitive credentials of the organization being accessible to some hackers and may have been used as an initial attack vector against the company.
Some of the data includes login details to the company’s Confluence server, Jira server, and other development related URLs.
The combination of sophisticated attacks launched by a single threat actor against industry leading companies in Iran raises the question if this was a state-sponsored attack.
