Cyber Incident Victim: Arzi24.com
Date: Apr 2020
Location: Iran
Summary
A hacker sold Iranian national ID cards, selfies, birth certificates, passports, and debit card details on dark web platforms and a prominent hacking forum, compromising tens of thousands of individuals. The data, reportedly sourced from multiple websites including Arzi24.com—a cryptocurrency exchange platform—was offered for $200 in Bitcoin on one forum and 0.2 Bitcoin (~$1,463) on another, with restrictions limiting bulk purchases. The exposed information poses significant risks of identity theft, financial fraud, and blackmail, exacerbating privacy concerns amid broader regional cybersecurity challenges.
Description
In early April 2020, a significant data breach exposed sensitive personal information belonging to tens of thousands of Iranian citizens. On April 9, 2020, cybersecurity researchers reported that a hacker or hacking group was actively selling 8.17 GB of Iranian personal data containing 45,221 files on dark web marketplaces and prominent hacking forums. The dataset included high-resolution copies of Iranian national ID cards, birth certificates, passports, debit cards, and self-portrait photographs showing individuals holding their identification documents. This breach occurred amid Iran's COVID-19 pandemic crisis, compounding privacy risks for affected citizens. The seller offered the entire dataset for $200 worth of Bitcoin with a restriction limiting sales to no more than three buyers. Concurrently, a separate listing appeared on an established hacking forum – previously associated with selling 42 million Iranian phone numbers – advertising 52,000 Iranian ID cards with corresponding selfies for 0.2 Bitcoin (approximately $1,463 at the time). Security analysts confirmed the authenticity of sample data, verifying that the materials contained legitimate identification documents and personally identifiable information.

Digital forensic investigator Mohammad Jorjandi identified multiple Iranian platforms as likely data sources, including Niazpardazir (an online advertising and utility payment platform) and Arzi24.com, a cryptocurrency exchange operated by Farhad Exchange specializing in Bitcoin transactions. The breach exposed victims to heightened risks of financial fraud, identity theft, and physical blackmail due to the inclusion of government-issued identification paired with contemporary facial images. Criminal actors could exploit this information to bypass biometric verification systems, forge physical documents, or conduct targeted social engineering attacks. The incident represented Iran's second major privacy crisis within weeks, following the earlier exposure of 42 million citizens' phone numbers on the same hacking forum. No remediation efforts or victim notifications were documented in available reports, leaving affected individuals vulnerable to exploitation through both digital and real-world attack vectors leveraging their compromised credentials.
