An Iranian banking employee proves his point about the vulnerability of Iranian bank customer data to hacking by breaking into the computers of 22 separate Iranian banks and obtaining the PINs of 3,000,000 accounts, which he then published on his blog.
As ZDNet reports:
After finding a security vulnerability in Iran’s banking system, Khosrow Zarefarid (see his FB page here) wrote a formal report and sent it to the CEOs of all the affected banks across the country. When the banks ignored his findings, he hacked 3 million bank accounts, belonging to at least 22 different banks, to prove his point.
. . .
It does not appear as if Zarefarid stole money from the accounts; he merely dumped the account details of around 3 million individuals, including card numbers and PINs, on his blog: ircard.blogspot.ca. I found the link via his Facebook account, along with the question “Is your bank card [among these] 3000000 cards?”
At least three Iranian banks (Saderat, Eghtesad Novin, and Saman) have already sent text messages to their clients, warning them to change their debit card PINs. Furthermore, the Central Bank of Iran (CBI) issued a statement announcing that millions of ATM cards have been hacked and urged all card holders to change their PINs, especially if they haven’t done so in the last few months. The warning was repeated on state TV channels.
Some banks are currently blocking their clients’ accounts to be on the safe side, and the CBI has also apologized for the inconvenience this is causing. Furthermore, many ATMs in Iran have stopped dispensing cash and only let customers change their PINs when they put in their debit card.

This seemed too crazy to be true, but the story was confirmed on a website called Central Banking.com, which covers banking issues:
The Central Bank of Iran has issued a statement telling debit card users in the country to change the personal identification code on their cards in the wake of a major security breach.
Khosrow Zarefarid, a former bank-system specialist in Iran who reportedly recently left the country, published the security details of three million accounts on a blog site last week.

Where might Mr. Zarefarid be? Perhaps in a comfortable Mediterranean villa 990 miles west-south-west of Tehran!