A significant data breach has allegedly hit a cloud hosting provider based in Iran, putting vast amounts of sensitive company and customer data at risk. A threat actor posted on a hacking forum claiming to be in possession of a 7.5 GB database stolen from the company in July 2025. Hosting companies are critical infrastructure that provides the backbone for countless websites and online services, which makes this alleged breach a serious threat to both the provider and its international clientele. The data is being offered for sale for $15,000 in Monero.
The seller claims the compromised data is extensive and highly sensitive, creating potential for widespread fraud, ransomware attacks, and server takeovers. The alleged breach includes not only the personal information of customers from various countries but also the core operational data of the hosting provider itself. The threat actor listed the contents of the massive data dump, which allegedly includes:
- 1,300 Personally Identifiable Information (PII) records, including names, emails, passwords, phones, addresses, and Citizen/Tax IDs from countries such as Turkey, Germany, and the UAE.
- 1,200 decrypted passwords for user CMS accounts.
- Root and admin credentials for 245 servers.
- Admin and database credentials for 1,259 CMS installations such as WordPress and Joomla.
- 170 API tokens with programmatic access to the hosting platform.
- 3,500 OAuth tokens for third-party integrations.
- The company’s backend source code, including API keys.












