A whopping 600,000 accounts appear to have been stolen in an Anonymous-affiliated hack of Walla!, Isreal's eighth most frequented website.
Hackers dumped email addresses, password MD5 hashes and salts across 93 Pastebin posts.
Walla! has not confirmed the breach.
Consumer security breach checker tool PwnedList caught wind of the apparent breach which appeared to be tied to the Anonymous operation's Israel hacking campaign.
"Earlier today we caught what looked like to be a small breach of walla.co.il, but I am now realising it's much bigger than we thought," PwnedList chief technology officer Alan Puzic said.
"After further analysis it seems that we came across a leak that's part of Anonymous' #OpIsrael initiative."
Puzic said the hacker, AnonSabre, had dumped the data over 24 hours.
Internet searches appear to confirm the legitimacy of the attack, with some affected email addresses showing an association with Walla! and not with older unrelated data breach lists.
Previously, such lists of hacked accounts have been found to be fraudulent and padded with already-exposed credentials.
PwnedList confirmed to SC none of the dumped Walla! addresses matched existing addresses in its database of 30 million hacked credentials.
Affected users who also use password manager LastPass will be notified under a deal inked with PwnedList in September which offers free credential monitoring through the latter's database of compromised accounts.
Copyright © SC Magazine, Australia
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.