A hacker going by the name of AnonSabre late last week leaked just over 583,000 credentials (email addresses and passwords) from the Israeli Web portal Walla. The site is one of the most popular in the country, providing its users with news, search, and email services.
The leak was first uploaded as 93 Pastebin links listed in a separate Pastebin post. The links in question are dead at the time of writing but not before they were republished elsewhere.
The leaked credentials were first found by PwnedList, a service that helps users figure out if their account credentials were stolen as part of a hack. The company crawls public sites where hackers post stolen data and then indexes all the login credentials it finds, a number which is currently over 30 million. We got in touch with PwnedList to verify the Walla hack, and indeed none of the dumped Walla addresses matched existing credentials in the company’s database.
“We discovered the Walla data leak through one of the automated harvesters that we had monitoring the hacker community,” PwnedList co-founder Steve Thomas told TNW. “We found out that we had only identified part of the leak, so we manually tracked down the rest of the leak, 93 files overall. The data leak included 583,083 credentials. The passwords were hashed and salted, but the salts were leaked as well. From what I have seen, there weren’t any other major pieces of data included in the data leak, such as names or addresses. However, those impacted by the data leak should still be concerned about their credentials, and be on the lookout for an increased number of phishing attacks.”
The breach was first noted by Israeli publication Haaretz (paywall). The site further claimed that the attack was part of #OpIsrael, an initiative started back in November by the hacktivist group Anonymous when the Israel Defense Forces (IDF) began taking military action in the Gaza Strip against Hamas.
Yet the affiliation to Anonymous may not be accurate. First of all, there’s no mention of an “AnonSabre” on any of the main Twitter accounts associated with the group, nor on the social network at all. Furthermore, the main Pastebin in question does not mention OpIsrael, a movement that has largely quieted down since it began more than three months ago.
PwnedList agrees that the link is dubious. “Yes, it is unconfirmed that this leak is related to Anonymous,” Thomas told TNW. “All we know is that this leak was discussed in an Anonymous IRC and a link to this leak was posted in that same room. Walla was also one of the Anonymous targets for OpIsrael late last year.”
Anonymous or not, the leak appears to be a genuine one. If you use Walla, make sure to change your email account password.
See also – Anonymous attacks over 650 Israeli sites, wipes databases, leaks email addresses and passwords and Anonymous claims to have leaked over 3,000 names, home addresses, and phone numbers of donors supporting Israel
Image credit: Simeon Eichmann