tkar-khj.ir Data Breach Exposes 48K Iranian Community Member Records

HEROIC's DarkHive system discovered the tkar-khj.ir breach, exposing 48,819 records in August 2018. This now-defunct Persian-language Iranian community website suffered a database compromise that revealed member email addresses and MD5 password hashes belonging to Iranian internet users who registered on this community platform.

Why This Is Dangerous

Community platforms in Iran often serve as hubs for diaspora communities and local cultural groups whose members may share accounts across other Persian-language services, social networks, and media platforms. MD5 password hashing provides minimal protection against modern cracking tools, with most hashes recoverable through rainbow table lookups available on widely accessible cracking services. The exposure of Iranian community member credentials creates risks beyond credential stuffing, as email address databases from this region can be used for politically targeted phishing campaigns.

What Was Exposed

• Email Address
• Password Hash (MD5)

Why This Matters

Iranian internet users whose credentials were exposed face credential stuffing risks on any platform where the same email and password were reused. Community websites often attract users with strong social ties who share contact information, making this database valuable for social engineering attacks targeting online communities. Anyone who registered on tkar-khj.ir should change their password on all platforms where the same credentials were used, particularly email services and social networks.

How Database Breach Works

Community website databases are targeted for the concentrated contact information they contain from defined social or demographic groups. Attackers exploit vulnerabilities in forum software and content management systems commonly used to run community platforms. The extracted credentials, including recoverable MD5 hashes, are incorporated into combolists targeting consumer services and used in bulk phishing campaigns directed at the community's email addresses.

Check If You Are Affected

HEROIC offers a free identity scanner searching over 400 billion records including data from the tkar-khj.ir breach. Visit heroic.com to check if your information was exposed.