Hacker Posts Details of 3 Million Iranian Bank Accounts

Jeremiah Cornelius writes "Khosrow Zarefarid warned of a security flaw in Iran's banking system providing affected institutions the details, including 1,000 captured bank accounts. When the affected banks, including the largest state institutions didn't respond, Khosrow hacked 3 million accounts across at least 22 banks. He then dropped these details — including card numbers and PINs — on his blog. Three Iranian banks Saderat, Eghtesad Novin, and Saman have already warned customers to change their debit card PINs. 'Zarefarid is reportedly no longer in Iran, though it is unclear when he left.'"

Re:What a great guy

[Fluffeh]

So, in my view, the hacker did good, because the people in charge weren't listening, so it made them listen.

I think you missed the point. He didn't "make them listen". The banks haven't fixed the security problem. All they have done is asked their customers to change their PIN as well as blocking some ATMs.

So, no, this isn't a good move, because all it has done is caused three million card users to be further annoyed as their cards are still no safer than before - in fact less so, because there is a proof of concept out there now with guaranteed ROI - they can't get to their own cash as easily as they have to go around changing PINs and if there is a deluge of crookery going on, the banks are now going to say "Ha! We TOLD you to change your numbers!"

What he should have done is gone to the credit agencies like Visa and Mastercard who would likely cut off the banks accounts in very quick order, thereby forcing the banks to fix the security hole. Even though a debit visa isn't touching the bank's money, the big credit companies take these things rather seriously if it has their name on it.