Taiseer (taiseer.co) Database Breached: Threat Actor Sorb Offering PII of Egyptian Gold Investors for Sale
A threat actor operating under the alias Sorb is selling the database of Taiseer (taiseer.co), the Egyptian Sharia-compliant fractional gold-savings fintech. The listing claims 71,000 user records with full names, emails, phone numbers, bcrypt password hashes, addresses, gold balances, and 27,000 national ID card records with scanned front-and-back images — offered for $400 with escrow.
71,000 investor records from Egypt's Sharia-compliant fractional gold-savings platform, including bcrypt password hashes, 27,000 national ID scans, and per-user gold balances. The seller also claims continued access to the environment. High risk of account takeover, identity theft, and targeted fraud against high-balance holders.
Incident Overview
A threat actor going by Sorb is selling a database attributed to Taiseer (taiseer.co), a Cairo-based fintech founded in 2023 and headquartered at the Nile University campus. Taiseer operates a Sharia-compliant mobile app that lets Egyptian savers buy investment-grade gold in fractions, describing itself in its own marketing as "the first digital platform for saving in gold."
According to the post, the dataset contains 71,000 user records with 71,000 unique emails, 71,000 unique phone numbers, and 27,000 unique national ID card records. Sample rows published by the actor confirm the following schema and data categories:
- Core Account Data: Full names (in Arabic script), email addresses, Egyptian mobile numbers (002012 prefix), bcrypt password hashes, and Firebase Cloud Messaging (FCM) push tokens tied to individual devices.
- KYC Identity Records: Egyptian national ID numbers (14-digit format), ID photo front and back filenames, nationality, residence country, and city — 27,000 verified identities in total.
- Demographic Data: Gender, date of birth (sample DOBs span 1947–1999), job title (Marketing Consultant, Product Designer, banker, engineer, graphic designer, application designer, among others), and home address.
- Financial & Gold Balances: Current gold balances, out-balance, current and reserved gold shares, referral data, transaction history, and account timestamps for created_at and updated_at events.
- Administrative Flags: Admin verification status, rejection reasons, basic-info flags, and referral link IDs — the internal fields a full database dump would expose to a buyer attempting to identify high-value or recently onboarded accounts.
The listing is priced at $400 USD with escrow available, and the actor notes that buyer access "does not affect the price" — language that the seller interprets as indicating ongoing or retained access to the source environment rather than a one-off dump. The actor directs interested buyers to t.me/sorblines for contact and advertises a broader data-leak channel at t.me/totaldataleaks.
The combination of bcrypt password hashes, scanned national ID cards, and per-user gold balances is the most damaging element: it pairs an account takeover vector (via hash cracking or credential stuffing against other services) with verified identity documents suitable for KYC-bypass fraud, and a known target value in physical gold. For a platform of Taiseer's size, this represents effectively the entire customer base.