Sefi Krupsky and Oded Yaron report:
A hacker claiming to be a member of a group of Saudi hackers called Group-XP, hacked into Israel’s leading sports website – One, and posted what he claims is the personal information – including credit card numbers – of hundreds of thousands of Israelis.
People who visited One’s website, on Monday, were redirected to a page on pastbay.com, where a message by a hacker who identified himself as xOmar 0 suggesting visitors download a linked file containing a database of Israelis and their personal information, including names, addresses, and credit card, telephone, and ID numbers.
Read more on Haaretz.com.
Ynet reports that a student who analyzed the data claims that although there are 400k entries, only 18,000 of them are unique.
Update Jan. 3: The Jerusalem Post reports:
The details of some 15,000 Israeli credit cards were posted on the One sports website by an international group of hackers. The group targeted three credit card companies: Isracard, Leumi Card and Cal. The Bank of Israel clarified that victims of the incident would be protected under the Debit Card Law.
Additional coverage from The Jerusalem Post can be found here.
Globes, an Israeli site, adds:
he hacking of the ONE website has already been rectified and it is functioning normally. ONE CEO Udi Milner said, “One of our servers was broken into tonight. Our IT team identified the breach and neutralized it within minutes. The matter is being dealt with.”
The Saudi hacker, who calls himself OxOmar, announced online that he succeeded in stealing information including names, addresses, id numbers, telephone numbers, and of course, credit card details including expiration dates and security numbers listed on the back of the card.
The hacking of the ONE website was carried out in order to publicize the theft of Israeli information and the download link. The ONE website does not store Israeli credit card details. Visitors to ONE’s website are transferred to a free uncensored text hosting site called PasteBay which is where the information is located.
Additional coverage can be found on The Los Angeles Times. CyberWarNews.info also provides some details as to what the hacker claimed to have dumped (the data dump has since been removed).