Cyber Incident Victim: Daba
Date: Aug 2016
Location: Iran
Summary
An Iranian internet service provider was compromised by a pro-Israeli hacker using the alias Zurael_sTz, resulting in the exposure of sensitive customer data including email addresses, usernames, hashed passwords, bank account numbers, and administrator credentials. The attacker leaked three files containing partial information from the breach, initially claiming 52,000 affected users, though analysis confirmed only 342 email accounts and 2,960 compromised user records with financial and personal details. This intrusion followed the hacker's pattern of targeting Middle Eastern entities and occurred amid ongoing regional cyber conflicts, mirroring historical tensions between Israeli and Palestinian-affiliated hacking groups. The compromised data was verified as authentic through third-party validation.
Description
On August 2, 2016, Iranian internet service provider Daba suffered a breach of its Parsiva.daba.co.ir domain by an Israeli hacker using the alias Zurael_sTz. The attacker publicly leaked three data files containing customer and administrative credentials via Twitter, claiming to possess information for 52,000 users. Initial analysis by cybersecurity platform Hacked-DB confirmed the authenticity of the leaked data but identified a smaller subset than advertised: 342 email accounts and 2,960 usernames with associated sensitive information. The compromised records included passwords hashed with MD5, bank account numbers, email addresses, telephone numbers, mobile addresses, and administrator account credentials. The hacker's social media activity suggested that additional data might be released subsequently. Zurael_sTz had previously targeted websites in Palestine, Egypt, and Jordan, establishing a pattern of regional cyber operations aligned with pro-Israeli interests.

The breach exposed critical vulnerabilities in Daba's infrastructure, particularly concerning given its role as a provider of dial-up services, ADSL communications, internet cards, and voice services to Iranian customers. Compromised administrator credentials heightened risks of secondary attacks or system manipulation. Iranian users faced direct threats of financial fraud and identity theft due to the banking information disclosure, compounding existing privacy concerns following a separate incident involving Telegram user data leaks the previous month. The attack reflected ongoing cyber hostilities between Israeli and opposing hacker collectives, exemplified by historical actions like the 2012 IDF hacking team's retaliatory takedowns of Saudi and UAE stock exchange websites following attacks on Israeli financial and aviation targets. No public statements from Daba regarding containment measures or system restoration were documented in available sources at the time of reporting.
