After 2 months of customer data leakage in Sepah Bank’s infrastructure
Technical evidence shows that the bank and its contractors, including Datin Company and other intermediary companies, have identified and corrected a significant portion of security weaknesses in the architectural design, access levels, and vulnerable structures.
Datin Company, in response to the vulnerability report submitted by our group, without any public announcement or acceptance of responsibility, confidentially
1- Patched sensitive versions of Payam Pardaz Company’s software (PAM system).
2- Removed remote access connections for employees.
3- Implemented a new layer of authentication in the UI only for specific access levels.
4- Added Level 7 (L7) restrictions in the network layer, including Deep Packet Inspection on outputs and filtering based on payload size.
🤡However, none of the entities responsible for the contractor companies have provided an official response or admission of their negligence.
🏴☠️According to the group’s policies,
the information has not yet been sold and is safe.
The opportunity for negotiation and agreement is not permanent.
You must be logged in to post a comment.