Major IR leaks
Published: 2024-09-04 · Archived: 2026-04-05 18:03:06 UTC
LEAKFA
Currently includes:
48 major leaks
10 minor leaks
for a total of 58 leaks
Source and statement
This page only shows leaks over 5k lines. Minor leaks are only available for victim inquiries.
The magnitude of the leak, exposed items and affected accounts are obtained after removing duplicates and
incorrect items and may differ from the original data.
The information sources of this website are taken from available and public databases on the Internet, the website
does not save the original information of the databases, only the things needed for users’ searches are stored in
coded form. Attacking this website does not provide you with any information. This website will take legal action
if any intrusion attempt is detected.
National Bank of IranThe magnitude of the leak69,900,000confirmedgeneralimportant
Disclosed items
Name, surname, father’s name, date of birth, national number, card number, mobile phone number, city, province,
address
narration
In 1400, a database containing the information of more than 70 million real and legal customers of the National
Bank of Iran was put up for sale on dark web markets. A few days later, a part of this database was published in a
hacker forum. This data included first name, last name, father’s name, date of birth, national number and other
information of customers. In an announcement, National Bank Public Relations, while emphasizing the use of
information security equipment, controls, policies and procedures based on standards and methods and upstream
requirements, denied the published claims regarding the leakage of customer information and added, “Currently,
the investigations are also continues, but no results have been obtained regarding the validity of this claim”.
Leak date: 12 January 1400
Affected accounts: 69,976,577
In the news: attached reportExport Bank of IranThe magnitude of the leak63,000,000confirmedgeneral
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 1 of 21

Disclosed items
Account number, customer number, name, surname, card number, username, internet bank password, password
reminder, email address, mobile phone number, account type, account opening date, branch code
narration
In April 2019, a database containing the information of 63 million real and legal customers of Saderat Bank of
Iran was put up for sale in one of the hacker forums. family name, account number, customer number, card
number, account type, email address and other information. Saderat Bank of Iran has not shown any official
reaction to this issue, but Saderat Bank’s public relations in a conversation with Mahname Farahed announced that
“initial checks of the published information show that this news is not very accurate and they are investigating it
more closely.”
Leak date: April 19, 2019
Affected accounts: 63,091,551
In the news: Euronews reportInstagramThe magnitude of the leak40,000,000confirmedgeneral
Disclosed items
User ID, Username, Full Name, Email Address, Mobile Number, Profile Picture, Privacy Status, Account
Verification Status
narration
In Isfand 1400, security researcher Bob Dyachenko announced the disclosure of the information of millions of
Iranian users by an unprotected Elasticsearch. It was made publicly available due to misconfiguration of security
settings. A few months later, a database containing information on more than 40 million Instagram accounts and
1.2 million Twitter accounts, including user IDs, usernames, full names, locations, website addresses, profile
pictures, profile bios, mobile phone numbers, and email addresses. which was hosted on this website, was put up
for sale on a hacker forum.
Leak date: March 4, 1400
Affected accounts: 40,694,833
in the news: Tejaratnews reportIrancellThe magnitude of the leak37,000,000confirmedgeneralimportant
Disclosed items
Name, surname, landline phone number, mobile phone number, city, place of residence, postal code, national
number
narration
In June 2014, Irancell, a communication service company that operates Iran’s largest mobile phone network,
suffered a data failure. This data breach led to the disclosure of its customers’ information, including more than 37
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 2 of 21

million names, surnames, mobile and landline numbers, provinces, cities, residential addresses, zip codes and
national codes. Irancell did not take responsibility for the leak of this data and blamed the competitors for the
confusion caused by this news.
Leak date: June 27, 2013
Affected accounts: 37,084,245
Official statement: Irancell statementhunting systemThe magnitude of the leak35,200,000confirmedgeneral
Disclosed items
Full name, username, user ID, profile biography, mobile phone number
narration
In April 2019, Bob Dyachenko, a security researcher, discovered a huge collection of data that was related to
Iranians and was placed in an unprotected database. According to him, it took 11 days for this database, which was
hosted on a service called “Samaneh Shekar”, to become unavailable, which has caused other people to gain
access to it and put the data up for sale. This incident led to the disclosure of the information of 35 million
Telegram user accounts, including names, user IDs, usernames, phone numbers, hashes, and secret keys, along
with the information of 4 million Instagram user accounts, including usernames, profile pictures, names, and
biographies. (Bio) became users.
Leak date: April 2, 2019
Affected accounts: 35,253,119
In the news: ISNA reportMellat BankThe magnitude of the leak30,000,000confirmedgeneralimportant
Disclosed items
Name, surname, father’s name, birth certificate number, national number, date of birth, city, province, city of birth,
province of birth, address or address, account number, card number, mobile phone number
narration
In May 1400, a database containing the information of more than 30 million real and legal customers of Bank
Mellat was put up for sale in one of the hacker forums. These data include name, surname, father’s name, national
ID number, national code, date of birth, city. , province, address and other information of customers. Bank Mellat
has not yet taken responsibility for the leakage of this data, and by publishing a notice, while emphasizing the
bank’s commitment to protect the information of its customers, it announced that “the dimensions of this claim are
being investigated by the bank’s specialized and technical teams”.
Leak date: May 22, 1400
Affected accounts: 30,099,465
In the news: Mehr reporttraysThe magnitude of the leak26,300,000confirmedgeneralimportant
Disclosed items
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 3 of 21

Name, Surname, National Number, Date of Birth, Gender, Email Address, Mobile Phone Number, User ID, User
Status, Platform Type, Software Market, Software Code Version, Google Advertising ID, Device ID, Device
Model, Matrix Session ID, Matrix user ID, city, geographic coordinates, last activity time, trip code, trip status,
service type, trip date, trip start time, trip origin and destination, driver ID, driver’s name and surname, driver’s
phone number, trip cost, share the traveler
narration
In September 1402, Tapsi, one of the largest active software in the field of Internet taxis, was infiltrated by a group
of hackers known as “IRLeaks”. Some time later, Tapsy’s CEO announced on Twitter that “Hackers have accessed
some of Tapsy’s users’ information and were looking for extortion, but Tapsy has decided not to cooperate with
them.” This decision, however, did not prevent the disclosure of user information, and finally the data was put up
for sale in dark web markets. This data contained the personal and identity information of more than 26 million
passengers and 3 million Tapsi drivers, along with travel information and the source code of all products such as
passenger and ambassador software, development, support, back-end and other departments. Until now, Tapsi has
not taken responsibility for the leakage of this data and has not published any official announcement in this regard.
Leak date: September 11, 1402
Affected accounts: 26,334,060
In the news: Tejaratnews reportTelegramThe magnitude of the leak21,000,000confirmedgeneral
Disclosed items
Name, surname, username, user ID, mobile phone number
narration
In May 2019, Telegram, a multi-platform open source messaging service focused on privacy, suffered a data
breach. The report of this incident was first published by the Russian website active in the field of technology
“Kod.ru”. According to this report, a database was put up for sale on the dark web markets, which contains the
data of more than 30 million Telegram user accounts (21 million Iranians and 12 million Russians) included
names, usernames, user IDs and mobile phone numbers. The approximate simultaneity of this event with the
“Hunting System” data leak led to this news being interpreted and not covered in the Persian language media.
Leak date: May 6, 2019
Affected accounts: 21,056,273
In the news: Medusa reportTraffic police – license plateThe magnitude of the
leak11,000,000confirmedgeneralimportant
Disclosed items
First name, last name, father’s name, national number, birth certificate number, date of birth, mobile phone
number, landline number, address, car license plate number, car class, car brand, car type, car color, car body
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 4 of 21

number, number Engine serial, manufacturer, year of manufacture, VIN number, type, date and description of
court orders issued for the vehicle
narration
In July 1400, a database containing about 14 million lines of information on the owners of all types of vehicles
that were registered by the traffic police until the end of 2019 was put up for sale in a hacker forum. Rahor Police
did not react to this incident at first, but about a month after the publication of this news, Colonel Hossein
Ramezani, Executive Deputy of Rahor Naja Police, while rejecting the published news regarding the disclosure of
information, stated: “So far, not even one bit of this information It has not been published and this issue is only an
allegation.” Unfortunately, a total of 11,033,390 license plates of personal vehicles, government offices and
institutions, taxis, public vehicles, agricultural machinery, disabled and veterans, and 2,621,698 motorcycle
license plates were affected by this data leak. , last name, father’s name, birth certificate number, national number,
date of birth, mobile phone number, address, license plate number, manufacturer, year of manufacture and other
information of the owners of active license plates in Iran.
Leak date: July 31, 1400
Affected accounts: 11,033,390
In the news: Rukna reportQalamchi CenterThe magnitude of the leak4,300,000confirmedimportant
Disclosed items
First name, last name, father’s name, national number, gender, date of birth, numerator, test group, field location,
field address, representative name, backup, director’s name, exam contact number, school name, registration date,
landline phone number, Cell phone number, supervisor’s cell phone number, province, city, address, grade point
average, first and second semester average balance, average exam balance, number of registration exams, absentee
and attended summer and normal
narration
On the 1400th day, one of the servers of the “Education Cultural Center”. Qalam Chi” was hacked by an unknown
person. A few days later, a database containing more than 6 million lines of personal information, registrations and
tests of students in the collection was put up for sale on a hacker forum. These data included name, surname,
father’s name, national number, gender, date of birth and other information of students. Kalamchi Education
Cultural Center has not taken responsibility for the leakage of this data and only warned the students about
changing their password every two weeks by sending a short message.
Date of leak: 9 January 1400
Affected accounts: 4,328,721Badsaba call to prayer calendarThe magnitude of the leak4,200,000confirmed
Disclosed items
Name, surname, father’s name, user ID, email address, country, province, city, time zone, geographic coordinates,
mobile phone number, device brand, device model, IMEI ID, software code version, Android version, registration
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 5 of 21

date, Comments and suggestions, tracking code
narration
In Mehr 2019, the hosting server of Azan Go Badsaba calendar, one of the most installed and popular Iranian
software, was hacked by an unknown person. Aggregating the main and supporting data of different software on
one server and not following the basic principles of security and network security made it easy for an intruder to
take control of other software by infiltrating the server of one software. This incident eventually led to the
disclosure of various information from the employees and users of Badsaba call to prayer calendar software,
Mufatih al-Jinan audio Bab al-Naim, Habal al-Matin audio Quran, Nahj al-Balagheh audio chemistry, better score
educational software, Parsman Islamic software, and Shia Rooz Shamar software. And several other
services/software became “mobile wave pioneers” that are available for victim inquiries.
Leak date: January 24, 2019
Affected accounts: 4,279,930Driver’s trayThe magnitude of the leak3,600,000confirmedgeneralimportant
Disclosed items
Name, Surname, National Number, Date of Birth, Gender, Email Address, Mobile Phone Number, User ID, User
Status, Platform Type, Software Market, Software Code Version, Google Advertising ID, Device ID, Device
Model, Matrix Session ID, Metrics user ID, city, geographic coordinates, last activity time
narration
In September 1402, Tapsi, one of the largest active software in the field of Internet taxis, was infiltrated by a group
of hackers known as “IRLeaks”. Some time later, Tapsy’s CEO announced on Twitter that “Hackers have accessed
some of Tapsy’s users’ information and were looking for extortion, but Tapsy has decided not to cooperate with
them.” This decision, however, did not prevent the disclosure of user information, and finally the data was put up
for sale in dark web markets. This data contained the personal and identity information of more than 26 million
passengers and 3 million Tapsi drivers, along with travel information and the source code of all products such as
passenger and ambassador software, development, support, back-end and other departments. Until now, Tapsi has
not taken responsibility for the leakage of this data and has not published any official announcement in this regard.
Leak date: September 11, 1402
Affected accounts: 3,666,198
In the news: Tejaratnews reportAudio Qur’an of Habal al-MateenThe magnitude of the leak2,800,000confirmed
Disclosed items
Full name, username, user ID, password, city, email address, mobile phone number, device brand, device model,
IMEI ID, Wi-Fi mac address, software code version, software serial, Android version, Android ID, Tertiles,
registration date Name, Internet connection status
narration
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 6 of 21

In Mehr 2019, the hosting server of Azan Go Badsaba calendar, one of the most installed and popular Iranian
software, was hacked by an unknown person. Aggregating the main and supporting data of different software on
one server and not following the basic principles of security and network security made it easy for an intruder to
take control of other software by infiltrating the server of one software. This incident finally led to the disclosure
of about 2 million and 900 thousand lines of name, username, password, city, email address, mobile phone
number, mobile phone brand, mobile phone model, IMEI ID, Wi-Fi MAC address and other information of
“Quran” software users. “Habal El Matin Audio” and several other services/software became “Mobile Wave
Pioneers Company”.
Leak date: January 24, 2019
Affected accounts: 2,856,963Traffic Police – Engine license plateThe magnitude of the
leak2,600,000confirmedgeneralimportant
Disclosed items
Name, surname, father’s name, national number, date of birth, mobile phone number, landline number, address,
motorcycle license plate number, motorcycle brand, motorcycle type, motorcycle color, motorcycle body number,
engine serial number, manufacturer , year of manufacture, VIN number, type, date and description of court orders
issued for the motorcycle
narration
In July 1400, a database containing about 14 million lines of information on the owners of all types of vehicles
that were registered by the traffic police until the end of 2019 was put up for sale in a hacker forum. Rahor Police
did not react to this incident at first, but about a month after the publication of this news, Colonel Hossein
Ramezani, Executive Deputy of Rahor Naja Police, while rejecting the published news regarding the disclosure of
information, stated: “So far, not even one bit of this information It has not been published and this issue is only an
allegation.” Unfortunately, a total of 11,033,390 license plates of personal vehicles, government offices and
institutions, taxis, public vehicles, agricultural machinery, disabled and veterans, and 2,621,698 motorcycle
license plates were affected by this data leak. , last name, father’s name, birth certificate number, national number,
date of birth, mobile phone number, address, license plate number, manufacturer, year of manufacture and other
information of the owners of active license plates in Iran.
Leak date: July 31, 1400
Affected accounts: 2,621,698
In the news: Rokna reportAudio Mufatih Bab Al-NaimThe magnitude of the leak2,100,000confirmed
Disclosed items
Full name, username, user ID, password, city, email address, mobile phone number, device brand, device model,
IMEI ID, Wi-Fi mac address, software code version, software serial, Android version, Android ID, Tertiles,
registration date Name, Internet connection status
narration
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 7 of 21

In Mehr 2019, the hosting server of Azan Go Badsaba calendar, one of the most installed and popular Iranian
software, was hacked by an unknown person. Aggregating the main and supporting data of different software on
one server and not following the basic principles of security and network security made it easy for an intruder to
take control of other software by infiltrating the server of one software. This incident finally led to the disclosure
of about 2 million and 200 thousand lines of name, username, password, city, email address, mobile phone
number, mobile phone brand, mobile phone model, IMEI ID, Wi-Fi MAC address and other information of
Mofatih software users. “Bob Al-Naim Audio” and several other services/software became “Mobile Wave
Pioneers Company”.
Leak date: January 24, 2019
Affected accounts: 2,176,234Judiciary – case management systemThe magnitude of the
leak1,900,000confirmedgeneralimportant
Disclosed items
Name, surname, father’s name, national number, birth certificate number, educational qualification, religion,
gender, date of birth, address or address, mobile phone number, landline number, email address, personal
password number, file number, file title, type Case, case subject, case summary, case status, case charge, case code
number, registration date, confidentiality status, investigative branch, registering unit, assembly report, text of
assembly report, date of meeting, penalty request, letters
narration
In March 1402, the judiciary’s case management system was infiltrated by a group of hackers known as “Adalat
Ali”. A few days later, hackers made the data extracted from this system available to the public on a website. This
action caused the personal and identity information of millions of Iranian citizens whose information was
registered in this system to be exposed and put at risk. The reaction of the Judiciary, like the previous leaks, was
denial. A well-informed judicial official, whose name is usually not published, in a conversation with Isna, denied
the issue of hacking the judiciary’s systems and said: “Many of these documents are fake and fictitious and even
old administrative letters that were previously published in cyberspace and Reposted again.” At the request of
users, Likfa is currently hosting the latest version of the data for this leak. If the site is updated, new data will be
checked and added.
Leak date: March 1, 1402
Affected accounts: 1,197,241
In the news: Zomit reportFacebookThe magnitude of the leak1,600,000confirmedgeneral
Disclosed items
Name, surname, gender, date of birth, user ID, mobile phone number, email address, place of birth, place of
residence, marital status, employment status, registration date, date of obtaining the last degree.
narration
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 8 of 21

In June 2019, a database containing the information of more than 530 million Facebook users from all over the
world was put up for sale in a hacker forum. This data, which contained the information of 1.6 million Iranian
users, includes name, surname, gender, date of birth, user ID, mobile phone number, email address, place of birth,
place of residence, marital status, employment status, and registration date. The name and date of obtaining the
last academic degree. Facebook announced that the source of extracting this information was a vulnerability that
was fixed in August 2018.
Leak date: June 17, 2019
Affected accounts: 1,685,080
In the news: Verge reportRaichtThe magnitude of the leak1,200,000confirmedgeneral
Disclosed items
Full name, email address, mobile phone number, password, IP address, profile picture, geographic coordinates,
user browser details, last visited page
narration
In February 2019, Bob Dyachenko, a security researcher, discovered a huge collection of data related to the online
chat platform “Raichat” and was placed in an unprotected database. The registration of this database in the search
engines of devices connected to the Internet made it accessible to other people. A few months later, a database
containing more than 150 million lines of data including names, email addresses, mobile phone numbers,
passwords, profile pictures, IP addresses and other information of the website’s users was put up for sale on a
hacker forum.
Leak date: February 9, 2019
Affected accounts: 1,268,558
Official statement: Raicht’s statementTwitterThe magnitude of the leak1,200,000confirmedgeneral
Disclosed items
User ID, Username, Full Name, Location, Website Address, Profile Picture, Profile Biography, Mobile Number,
Email Address
narration
In Isfand 1400, security researcher Bob Dyachenko announced the disclosure of the information of millions of
Iranian users by an unprotected Elasticsearch. It was made publicly available due to misconfiguration of security
settings. A few months later, a database containing the information of 1.2 million Twitter accounts and more than
40 million Instagram accounts including user ID, username, full name, email address, mobile phone number,
profile picture, privacy status and account verification status (Verified Badge) of users, which was hosted on this
website, was put up for sale in one of the hacker forums.
Leak date: March 4, 1400
Affected accounts: 1,214,286
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 9 of 21

In the news: Tejaratnews reportPunishaThe magnitude of the leak786,000confirmedgeneralimportant
Disclosed items
Name, Surname, Gender, National Number, Date of Birth, Username, User ID, Mobile Number, City, Country,
Address or Address, Subscription Type, Profile Image, Cover Image, Projects, Contests, Website Address, Skills
work portfolio, resume, fluent languages, work history, education history, achievements, marital status, time zone,
last time of activity
narration
In July 2019, the freelancer recruitment service or online project “Punisha” was leaked due to the
misconfiguration of Elasticsearch. A few months later, a database containing the information of more than 270,000
users of this website was put up for sale on a hacker forum. This information included name, surname, gender,
national number, date of birth, username, mobile phone number, city, country, account type and other user
information. Two years later, on February 28, 1401, this site suffered a data leak again in the same way. This time,
however, the information included about 800,000 users, along with the data related to competitions and projects.
But the new CEO Punisha attributed the reason for this new leak to the hacker attack and said, “The amount of
sensitive information leaked is less than a tenth of this (announced) amount.”
Leak date: July 1, 2019
Affected accounts: 786,202
In the news: Attached report
Read more: Punisha and multiple leaksMinistry of Cooperation – Tehran Labor DepartmentThe magnitude of the
leak598,000confirmedimportant
Disclosed items
User ID, username, password, first name, last name, father’s name, birth certificate number, national number,
gender, date of birth, education level, email address, mobile phone number, landline number, city, area code,
address or address , zip code, personnel code, workplace, IP address, last entry date
narration
In December 2019, a database containing more than 630 thousand lines of information related to the “General
Department of Cooperative, Labor and Social Welfare of Tehran Province” was put up for sale in one of the
hacker forums. The data included name, surname, national code, date of birth, gender, personnel code, educational
qualification, email address, address, postal code and other information of users/employees of the Ministry of
Cooperatives, Labor and Social Welfare. Unfortunately, no reaction has been shown from the Ministry of Home
Affairs or the relevant news agencies regarding this information leak. The data was provided to Leakfa by a source
who asked to be identified as “Sm0rfZ”.
Leak date: January 11, 2019
Affected accounts: 598,157RoseblogThe magnitude of the leak288,000confirmed
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 10 of 21

Disclosed items
Full name, username, password, email address, IP address, website address
narration
In December 2012, Roseblog, one of the providers of web writing services (blog) in Persian language, was hacked
by an unknown person. A few months later, the database of this site containing the information of more than 280
thousand users, including names, usernames, passwords, email addresses and IP addresses of users, was published
among hacker forums and groups.
Leak date: January 11, 2012
Affected accounts: 288,585Smalayo educational systemThe magnitude of the leak238,000confirmedimportant
Disclosed items
User ID, username, password, first name, last name, national number, date of birth, gender, email address, mobile
phone number, year of study, credits obtained, study center
narration
In July 1401, the comprehensive educational system of Samalayo suffered a data leak due to the misconfiguration
of security settings. A few days later, a database containing the information of more than 200,000 users of this
website was put up for sale on a hacker forum, and some time later it was released to the public. This information
included name, surname, national number, date of birth, gender, email address, mobile phone number and other
information of the students.
Leak date: July 5, 1401
Affected accounts: 238,807Nahj al-Balagha audio chemistryThe magnitude of the leak224,000confirmed
Disclosed items
Full name, username, user ID, password, city, email address, mobile phone number, device brand, device model,
IMEI ID, Wi-Fi mac address, software code version, software serial, Android version, Android ID, Tertiles,
registration date Name, Internet connection status
narration
In Mehr 2019, the hosting server of Azan Go Badsaba calendar, one of the most installed and popular Iranian
software, was hacked by an unknown person. Aggregating the main and supporting data of different software on
one server and not following the basic principles of security and network security made it easy for an intruder to
take control of other software by infiltrating the server of one software. This incident finally led to the disclosure
of about 225,000 lines of name, username, password, city, email address, mobile phone number, mobile phone
brand, mobile phone model, IMEI ID, Wi-Fi MAC address and other information of the users of “Nahj Balaghah
Audio Kimia” software. ” and several other services/software became “mobile pioneer company”.
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 11 of 21

Leak date: January 24, 2019
Affected accounts: 224,234Ministry of Interior – Seman SystemThe magnitude of the
leak126,000confirmedimportant
Disclosed items
Name, surname, national number, date of birth, gender, marital status, profile type, profile picture, sample
signature, education degree, specialization, email address, mobile phone number, landline number, address, city,
province, Postal code, bank account number
narration
In March 2019, a database containing the information of about 130 thousand users of the Ministry of Interior’s
“Non-Governmental Organization Establishment System” was put up for sale in one of the hacker forums. The
data included name, surname, national code, date of birth, gender, marital status, educational qualification,
specialization, email address, address, postal code and other information of the users of this system. Unfortunately,
there has been no reaction from the Ministry of Home Affairs or relevant news agencies regarding this information
leak. The data was provided to Leakfa by a source who asked to be identified as “Dominic Vaughan”.
Leak date: March 8, 2019
Affected accounts: 126,170face viewThe magnitude of the leak116,000confirmedgeneral
Disclosed items
Full name, username, password, email address
narration
In December 2013, the largest social network in Persian language, “Face Nama”, was hacked by a person who
calls himself “Mr_TOROJAN”. Minutes later, the extracted data, which included 116,000 unique email addresses
along with names, usernames, and passwords with the MD5 algorithm, was posted on the site.
Leak date: January 10, 2013
Affected accounts: 116,478
In the news: Asr Iran reportKarbankThe magnitude of the leak106,000confirmedimportant
Disclosed items
Name, surname, date of birth, username, password, gender, landline phone number, mobile phone number, email
address, profile picture, identifier, registration date, last entry date, work history, marital status, province, city,
Address, degree, university, GPA, skills, resume, scanned documents
narration
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 12 of 21

In April 2019, a database containing the information of more than 100,000 users of the recruitment, job search,
resume search and job advertisement service “Carbank” was put up for sale in one of the hacker forums. The
information includes name, surname, date of birth, gender, username, password, landline phone, mobile phone,
email address, work experience, marital status, city, province, address, degree, field of study and other information
of users. It was the employees of this service. The data was provided to Leakfa by a source who asked to be
identified as “Hermann Goering”.
Leak date: April 30, 2016
Affected accounts: 106,667my electricityThe magnitude of the leak79,000confirmedgeneralsample
Disclosed items
First name, last name, national number, mobile phone number, user ID, region code, city code, payment amount,
payment date, tracking number, PSP company code, card number (incomplete), model ID, model name, make ID,
warehouse Delivery and name of the electricity meter manufacturer
narration
In Mehr 1401, Barqman, the official portal for inquiry and payment of electricity distribution companies of the
country, suffered a data leak. This data, which included name, surname, national number, mobile phone and other
information of thousands of users related to this system, was placed on an unprotected Elasticsearch. At the
request of users and in cooperation with security researcher Bob Dyachenko, Likfa is currently hosting sample
data for this leak, if you have the original data, please contact us.
Leak date: 8 Mehr 1401
Affected accounts: 79,581
In the news: Barqnews reportJudiciary – Sana systemThe magnitude of the
leak50,000confirmedgeneralimportantsample
Disclosed items
First name, last name, father’s name, religion, gender, marital status, landline phone number, mobile phone
number, phone number, national number, address, postal code, place of birth, place of residence, level of
education, one-time password, password Personal, last password change date
narration
In February 2019, Sana’s authentication system suffered a data breach. This data, which was put up for sale in one
of the hacker forums, according to the seller, contains 25 million and 300 thousand lines of email address, date of
birth, birth certificate number, name, surname, father’s name, gender, landline phone, mobile phone, National
code, address/address, place of birth, education level, one-time password (hashed), personal password (hashed)
and other information of the users, the judiciary did not react to this incident at first, but a few days later, Mr.
Mohammad Kazemi Fard, Deputy of Judicial Intelligence and Systems Affairs of the Statistics and Information
Technology Center of the Judiciary, regarding the leakage of information of the users of the judicial electronic
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 13 of 21

notification system, announced that there was no hacking or information leakage in the judicial system. At the
request of users, Likfa is currently hosting sample data for this leak, if you have the original data, please contact
us.
Leak date: 29 February 2019
Affected accounts: 50,432
In the news: Zomit report
Videos: Sana system information leak investigationAsiatechThe magnitude of the
leak49,000confirmedgeneralsample
Disclosed items
Name, surname, national number, landline number, mobile number, ADSL number
narration
In June 2019, Asiatech, one of the Internet Service Providers (ISP) in Iran, suffered a data leak. This data, which
was put up for sale in one of the hacker forums, contained the name, surname, national code, landline phone
number, mobile phone number and other information of the company’s employees and users. Asiatec first
published the news in its official statement. Regarding the leak of users’ information, he denied it, but the next
day, according to a statement published in one of the media, they confirmed the data leak and announced that “the
stolen information is related to one of the representative offices of this company.” At the request of users, Likfa is
currently hosting sample data for this leak, if you have the original data, please contact us.
Leak date: June 3, 2019
Affected accounts: 49,828
In the news: Zomit reportSharif University of TechnologyThe magnitude of the leak48,000confirmedimportant
Disclosed items
Name, surname, father’s name, birth certificate number, national number, student number, gender, place of birth,
date of birth, place of residence, life status, previous name and surname, landline phone number, mobile phone
number, phone number, email address , username, password, job position, work history, address, city, province,
zip code
narration
In December 2019, one of the servers of Sharif University of Technology, one of the most well-known universities
in the country, was hacked by an unknown person. A few months later, a set of several databases containing name,
surname, father’s name, ID number, national code, gender, date of birth, email address, landline phone, mobile
phone and other information of employees/professors and students of this university, It was put up for sale in one
of the hacker forums.
Date of leak: 29 December 2019
Affected accounts: 48,492Khwaja Nasir UniversityThe magnitude of the leak45,000confirmedgeneralimportant
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 14 of 21

Disclosed items
Name, surname, father’s name, national number, birth certificate number, place of issue, date of birth, gender,
semester of entry, student number, field of study, course, course, grade point average, unit passed, conditional
number, type of admission to the university, type of quota , military status, religion, religion, marital status, mobile
phone number, landline number, email address, place of birth, province of residence, city of residence, address or
address, postal code, years of studentship
narration
In Shahrivar 1400, one of the systems of Khwaja Nasiruddin Tusi University of Technology, one of the top
universities in the country, was hacked by an unknown person. A few days later, a collection of several databases
containing about 100,000 lines of data was put up for sale on a hacker forum. These data included name, surname,
father’s name, national number, birth certificate number, place of issue and other identity and personal information
of the students. The Research and Technology Vice-Chancellor of the University published a notice in this regard,
which attributed the leaked information through the thieves’ access to the personal files of the current affairs
report of various university units.
Date of leak: 7 Shahrivar 1400
Affected accounts: 45,454
Official statement: University Research and Technology Vice-ChancellorEducational media for better gradesThe
magnitude of the leak41,000confirmed
Disclosed items
Full name, username, user ID, password, city, email address, mobile phone number, device brand, device model,
IMEI ID, Wi-Fi McAddress, software code version, software serial, Android version, Android ID, registration
date, Internet connection status
narration
In Mehr 2019, the hosting server of Azan Go Badsaba calendar, one of the most installed and popular Iranian
software, was hacked by an unknown person. Aggregating the main and supporting data of different software on
one server and not following the basic principles of security and network security made it easy for an intruder to
take control of other software by infiltrating the server of one software. This incident finally led to the disclosure
of about 42 thousand lines of name, username, password, city, email address, mobile phone number, mobile phone
brand, mobile phone model, IMEI ID, Wi-Fi McAddress and other information of the users of the “Better Score
Educational Media” software. ” and several other services/software became “mobile pioneer company”.
Leak date: January 24, 2019
Affected accounts: 41,890Etude Plus educational systemThe magnitude of the leak34,000confirmedimportant
Disclosed items
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 15 of 21

Name, surname, father’s name, national number, username, password, account type, mobile phone number, profile
picture, contact list, father’s mobile phone number, mother’s mobile phone number, school ID, school name,
school address, school principal’s name school principal’s cell phone, school principal’s username, school
principal’s password, list of school classes, list of school entertainment bells
narration
In May 1400, a database containing the information of more than 34,000 users of the Etude Plus online training
system was placed in one of the hacker forums. The data included name, surname, father’s name, national code,
username, password, account type, mobile phone number, profile picture, contact list of father’s mobile phone
number, mother’s mobile phone number and other information of users. This data included the first name, last
name, father’s name, national code and mobile phone number of the teachers, as well as the contact list of the
users of this system, which included about 200 thousand lines of first name, last name and mobile phone number,
was also disclosed in this incident. Available for victim inquiries.
Leak date: May 26, 1400
Affected accounts: 34,071ClassinoThe magnitude of the leak30,000confirmed
Disclosed items
Name, surname, national number, educational level, field of study, province, gender, mobile phone number, user
ID, registration date, account credit
narration
On December 1400, Classino, the first and largest online exam school and class in the country, experienced a data
failure. This data, which contained more than 30 thousand lines of name, surname, national number, educational
level, field of study, province, gender, mobile phone number and other information of users, was first put up for
sale in one of the hacker forums. And then it was published publicly.
Date of leak: 8 December 1400
Affected accounts: 30,744Iranian language referenceThe magnitude of the leak24,000confirmed
Disclosed items
Username, password, IP address, email address
narration
In September 2016, the website of the country’s most comprehensive language school on the web platform known
as “Iranian Language Reference” was hacked by a group of hackers known as “Priv8_Team”. This incident led to
the disclosure of the site’s database, which contained 24,000 lines of usernames, email addresses, passwords with
the MD5 algorithm, and users’ IP addresses.
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 16 of 21

Leak date: 11 Mehr 1396
Affected accounts: 24,898DeltafoxThe magnitude of the leak23,000confirmed
Disclosed items
Username, password, email address, website address
narration
In March of 2013, Deltafox, the download authority for computer games, was hacked by a person who calls
himself “MR. HOSSEIN”. This incident led to the disclosure of the site’s database, which contained 23,000 lines
of usernames, email addresses, passwords with the MD5 algorithm, and website addresses of users.
Leak date: April 3, 2014
Affected accounts: 23,214Payam Noor UniversityThe magnitude of the leak19,000confirmedimportant
Disclosed items
Name, surname, student number, father’s name, date of birth, birth certificate number, serial number of birth
certificate, national number, military status, marital status, province, city, postal code, place of residence, place of
birth, landline phone number, mobile phone number , email address, school name, grade point average, 3×4
photos
narration
In July 2019, the website of Payam Noor University, one of the top universities in the country, was hacked by an
unknown person. A few months later, a database from this site containing more than 19 thousand lines of first and
last name, father’s name, date of birth, birth certificate number, national code, mobile phone number, email
address and other personal information of students, in one of the hacker forums. It was put up for sale. In Mehr
1400, we witnessed a new data leak from this university, a collection containing more than 13 thousand lines
containing identity information, student information, certificate date, certificate number, and landline and cell
phone numbers of students. The possibility of querying this data is also available for the victims.
Leak date: July 24, 2019
Affected accounts: 19,155Tehran University of Medical SciencesThe magnitude of the leak18,000confirmed
Disclosed items
First name, last name, national number, email address, username, password, landline phone number, mobile phone
number, emergency contact number, father’s cell phone number, mother’s cell phone number, IP address, user ID
narration
On March 3, 2019, a database containing the information of more than 18 thousand students of “Tehran University
of Medical Sciences and Health Services” which included name, surname, national code, email address, username,
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 17 of 21

password, mobile phone number and other information. , was put up for sale in one of the hacker forums. One of
the other systems of this university suffered a data leak last month, which eventually led to the disclosure of the
information of 3,000 of its employees, including name, surname, father’s name, national code, ID number, job
position, landline number, Cell phone numbers, latest salaries and other information are available for victim
inquiries.
Leak date: March 3, 2019
Affected accounts: 18,507Luxa PlusThe magnitude of the leak14,000confirmed
Disclosed items
Name, surname, mobile phone number, email address
narration
In November 2016, Luxa Plus, a social network designed to provide VIP services to the affluent segment of the
society, was hacked by an unknown person. 3 years later, its database containing more than 14,000 user
information, including first and last names, email addresses and mobile phone numbers, was put up for sale on a
hacker forum.
Leak date: November 30, 2016
Affected accounts: 14,725IranplastThe magnitude of the leak14,000confirmed
Disclosed items
Full name, landline phone number, mobile phone number, password, email address, place of residence, company
name, company website address, company activity, company registration number
narration
In December 2018, the website of the international exhibition of plastics, rubber, machinery and equipment known
as “Iranplast” was infiltrated by a group of hackers known as “Liosion Team”. This incident led to the disclosure
of the information of about 17 thousand traders from all over the world (14 thousand from Iran) who had
registered to receive services in this exhibition.
Date of leak: December 30, 2018
Affected accounts: 14,716Samsung CenterThe magnitude of the leak12,000confirmed
Disclosed items
First name, last name, landline phone number, mobile phone number, password, IP address, email address
narration
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 18 of 21

In April 2013, the website of the official sales representative of Samsung products since 2007 in Iran, known as
“Samsung Center”, was hacked by a group of hackers known as “Zurael sTz”. This incident led to the disclosure
of about 20,000 data containing 12,000 personal information of customers, including names, surnames, email
addresses, mobile and landline numbers, IP addresses and passwords with the MD5 algorithm.
Leak date: April 18, 2016
Affected accounts: 12,992Parsman Islamic softwareThe magnitude of the leak9,000confirmed
Disclosed items
User ID, email address, mobile phone number, device brand, device model, registration date
narration
In Mehr 2019, the hosting server of Azan Go Badsaba calendar, one of the most installed and popular Iranian
software, was hacked by an unknown person. Aggregating the main and supporting data of different software on
one server and not following the basic principles of security and network security made it easy for an intruder to
take control of other software by infiltrating the server of one software. This incident finally led to the disclosure
of about 9 thousand lines of user ID, email address, mobile phone number, mobile phone brand, mobile phone
model and other information of users of “Persman Islamic Software” and several other services/software of
“Pishgaman Moj Mobile Company”.
Leak date: January 24, 2019
Affected accounts: 9,099Ports and Maritime OrganizationThe magnitude of the
leak9,000confirmedgeneralimportant
Disclosed items
Name, surname, father’s name, national number, birth certificate number, serial number of birth certificate, date of
birth, religion, gender, marital status, date of marriage, spouse’s occupation, number of children, organizational
position code, signatory’s name, signatory’s job position, last salary date of official employment (permanent), date
of contract employment (temporary), military status, duration of military service, mobilization status, address,
postal code, landline phone number, mobile phone number, email address, place of birth
narration
In October 2019, the Iranian Ports and Maritime Organization witnessed a massive cyber attack against its
infrastructure, about 48 hours later, a large collection of about 15 gigabytes of data of this organization, including
the information of employees, customers, contracts, shipments, payments and information Another of various
ports such as Bandar Bushehr, Imam Khomeini, Shahid Rajaei and Shahid Bahnar was included in a telegram
channel. The Ports and Maritime Organization of Iran, while confirming that the infrastructure of this organization
has been targeted by a cyber attack, announced that preventive and appropriate measures have been taken against
this attack and the missions of the Ports and Maritime Organization are ongoing without interruption. In an
announcement, the Maher center announced the cyber attack on two government organizations, although it did not
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 19 of 21

name them, and announced the temporary suspension of some services and technical tests of these centers as a
precaution after receiving the warnings.
Date of leak: 22 Mehr 1399
Affected accounts: 9,749
In the news: Moj reportIran’s security teamThe magnitude of the leak6,000confirmed
Disclosed items
Username, password, IP address, email address, date of birth
narration
In July 2013, Iran’s security team, a specialized authority on hacking and security, was infiltrated by a group of
hackers known as “ISG & RST”. A few months later, its database was posted on a popular hacker forum,
containing more than 6,000 usernames, dates of birth, email addresses, IP addresses, and MD5 passwords.
Leak date: July 7, 2013
Affected accounts: 6,523Shia daily calendarThe magnitude of the leak6,000confirmed
Disclosed items
User ID, email address, mobile phone number, device brand, device model, registration date
narration
In Mehr 2019, the hosting server of Azan Go Badsaba calendar, one of the most installed and popular Iranian
software, was hacked by an unknown person. Aggregating the main and supporting data of different software on
one server and not following the basic principles of security and network security made it easy for an intruder to
take control of other software by infiltrating the server of one software. This incident finally led to the disclosure
of about 7 thousand lines of user ID, email address, mobile phone number, mobile phone brand, mobile phone
model and other information of the users of “Shi’a Zahi Calendar” and several other services/software
“Pishgaman Moj Mobile Company”. became.
Leak date: January 24, 2019
Affected accounts: 6,758Check light forumThe magnitude of the leak5,000confirmed
Disclosed items
User ID, Username, Email Address, IP Address, Password, Salt
narration
In Mehr 2019, Chirag Chek Association, a specialized authority on the basics of electrical and automotive
electronics, suffered a data leak. A few months later, a database containing the information of more than 6,000
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 20 of 21

users of this website, including user IDs, usernames, passwords, salt, email addresses, and IP addresses of users,
was released among hacking forums and groups.
Date of leak: 10 October 2019
Affected accounts: 5,970Post office – Sarpol ZahabThe magnitude of the leak5,000confirmed
Disclosed items
First name, last name, father’s name, national ID number, birth certificate number, date of birth, tracking code,
sending date, landline phone number, mobile phone number
narration
In April 1400, a database containing the information of more than 5,000 customers of the Islamic Republic of Iran
Post Company was put up for sale in one of the hacker forums. Name, surname, father’s name, national number,
birth certificate number, date of birth, tracking code, date of sending, landline phone number and mobile phone
number. The data was provided to Leakfa by a source who asked to be referred to as “DeathAngle”.
Leak date: April 5, 1400
Affected accounts: 5,394
Iranian information leak tracking system
Copyright © 2024 All rights reserved.
Source: https://cybershafarat.com/2024/09/04/major-ir-leaks/
https://cybershafarat.com/2024/09/04/major-ir-leaks/
Page 21 of 21