Hackers strike again: 800,000 Hungarians’ data leaked in massive cyber attack!

In July 2024, a large-scale hacking attack leaked the personal data of hundreds of thousands of Hungarian users onto the dark web. The case involved Kütyübazár, an online shop that has been on the market for more than a decade and is known for its unique gift ideas.

The information obtained in the hack included names, email addresses and home addresses, initially sold by a user called SirDump. According to Index, the data dump contains details of approximately one million orders, which could have affected around 800-850 thousand users. The authenticity of the database has been confirmed by emailsec experts who have verified the leaked information and confirmed that the data it contains is authentic.

Fortunately, passwords and credit card details were not included in the package, so the data cannot be used to directly hack identities. However, experts warn that this wealth of personal data provides the perfect basis for fraud and phishing attacks that could cause serious financial and personal damage to those affected.

How did the breach occur?

The hackers likely obtained the data by exploiting vulnerabilities in Kütyübazár’s IT systems. A lack of proper encryption for customer data significantly increased the risk. László Jakab, the CEO of Kütyübazár, acknowledged that the attackers accessed the system by compromising an employee’s password.

In response to the attack, Kütyübazár immediately filed a police report, notified the National Data Protection Authority and informed the affected users by email in August. Since then, the company has completely replaced the open source system it had been using and introduced other security enhancements.

According to Dénes Fodor, an IT security expert at White Hat, the database does not contain the data of one million people, but rather that many orders, among which there may be duplicates. So realistically, the personal data of 800-850,000 users could have been compromised. However, Kütyübazár claims that the actual number of real users affected could be as low as 221, as a significant portion of the stolen data was either for testing purposes or fake data.

Flaws in the system and liability

According to Kütyübazár’s management, their previous systems were also checked by a cyber security expert, who found no critical flaws. Nevertheless, the attack has shown that even the smallest vulnerabilities can be exploited by hackers, especially in a market where hundreds of thousands of orders are placed every year. The company has tried to manage the situation responsibly by informing stakeholders, improving the system and working closely with the authorities to minimise the damage.

The events highlight the importance of cyber security, especially in the world of online shopping where huge amounts of personal data are handled. The incident also serves as a warning that companies need to continually improve their security systems and pay particular attention to training employees in password management and other basic security protocols.

In addition, users should be more aware, for instance, by updating their passwords regularly and avoiding sharing too much personal information online. For many, the data theft scandal could be a wake-up call to be more vigilant about their online presence and the protection of their data.

Read also:

• Ukrainian cyber criminal arrested in connection to €800,000 scam in Hungary!
• Outrageous: Fake product advertised on YouTube in the name of a prestigious Hungarian university

Featured image: depositphotos.com