A whopping 600,000 accounts appear to have been stolen in an Anonymous-affiliated hack of Walla!, Isreal's eighth most frequented website.
Hackers dumped email addresses, password MD5 hashes and salts across 93 Pastebin posts.
Walla! has not confirmed the breach.
Consumer security breach checker tool PwnedList caught wind of the apparent breach which appeared to be tied to the Anonymous operation's Israel hacking campaign.
"Earlier today we caught what looked like to be a small breach of walla.co.il, but I am now realising it's much bigger than we thought," PwnedList chief technology officer Alan Puzic said.
"After further analysis it seems that we came across a leak that's part of Anonymous' #OpIsrael initiative."
Puzic said the hacker, AnonSabre, had dumped the data over 24 hours.
Internet searches appear to confirm the legitimacy of the attack, with some affected email addresses showing an association with Walla! and not with older unrelated data breach lists.
Previously, such lists of hacked accounts have been found to be fraudulent and padded with already-exposed credentials.
PwnedList confirmed to SC none of the dumped Walla! addresses matched existing addresses in its database of 30 million hacked credentials.
Affected users who also use password manager LastPass will be notified under a deal inked with PwnedList in September which offers free credential monitoring through the latter's database of compromised accounts.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
