Hackers strike again: 800,000 Hungarians’ data leaked in massive cyber attack!

In July 2024, a large-scale hacking attack leaked the personal data of hundreds of thousands of Hungarian users onto the dark web. The case involved Kütyübazár, an online shop that has been on the market for more than a decade and is known for its unique gift ideas.
The information obtained in the hack included names, email addresses and home addresses, and was initially sold by a user called SirDump. According to Index, the data dump contains details of approximately one million orders, which could have affected around 800-850 thousand users. The authenticity of the database has been confirmed by emailsec experts, who verified the leaked information and found that the data it contains is authentic.

Fortunately, passwords and credit card details were not included in the package, so the data cannot be used to directly hack identities. However, experts warn that this wealth of personal data provides the perfect basis for fraud and phishing attacks that could cause serious financial and personal damage to those affected.
How did the breach occur?
The hackers likely obtained the data by exploiting vulnerabilities in Kütyübazár’s IT systems. A lack of proper encryption for customer data significantly increased the risk. László Jakab, the CEO of Kütyübazár, acknowledged that the attackers accessed the system by compromising an employee’s password.
In response to the attack, Kütyübazár immediately filed a police report, notified the National Data Protection Authority and informed the affected users by email in August. Since then, the company has completely replaced the open source system it had been using and introduced other security enhancements.
According to Dénes Fodor, an IT security expert at White Hat, the database does not contain the data of one million people, but rather that many orders, among which there may be duplicates. So realistically, the personal data of 800-850,000 users could have been compromised. However, Kütyübazár claims that the actual number of real users affected could be as low as 221, as a significant portion of the stolen data was either for testing purposes or fake data.







Hungarian data scientists have to do better. The CEOs of the hackers must be held responsible.