📢 Unlock Exclusive Cyber Threat Intelligence
Powered by DarkWebInformer.com
Get foundational access to breach intelligence — track breaches, leaks, and threats in real-time with unfiltered screenshots and expert summaries.
🏢 About ZIP
ZIP is a leading Israeli fashion brand specializing in youthful Italian-style clothing and accessories. Founded in 2003 by Ze’ev Aharonson, ZIP operates 54 retail locations across major malls in Israel, with headquarters in Afek Park, Rosh HaAyin, and a workforce of around 450 employees.
⚠ Disclaimer
This report includes actual screenshots and/or text that may include unredacted personally identifiable information (PII) gathered from publicly available sources.
The sensitive information presented within this report is intended solely for cybersecurity awareness and threat intelligence purposes.
📌 Overview
On July 30, 2025, a user named darkcrew posted on a known underground forum offering for sale a 2GB SQL file allegedly containing sensitive customer and user data from ZIP's internal systems. The post includes a 72-hour ultimatum to ZIP Group to respond, or else the full data set will be leaked for free.
📊 Key Details
| Attribute | Information |
|---|---|
| Date | 2025-07-30, 08:48:48 AM |
| Threat Actor | darkcrew |
| Victim Country | 🇮🇱 Israel |
| Industry | Fashion & Apparel |
| Victim Org. | ZIP |
| Victim Site | zipnet.co.il |
| Category | Data Breach |
| Severity | Medium |
| Network | Open Web (darkforums.st) |
Subscriber-only content…
🔗 Claim Post (Plain Text)
https://darkforums.st/Thread-Selling-Data-Breach-of-Leading-Israeli-Fashion-Chain-ZIP
📢 Threat Actor’s Claim
darkcrew states the following:
- The breach includes a 2GB SQL file with sensitive data
- Exfiltrated tables include customer IDs, usernames, full names, emails, registration timestamps, country, city, and more
- The post references
celio_dband appears to show raw SQL dump content - An ultimatum was issued: if ZIP does not respond within 72 hours, all data will be leaked publicly
- Contact is offered via a session token:
05ad8612408171da863d069bac2d0d1c98e2d83a404727798801f590a66a5b7a09
Sample fields shown:customer_id, user_id, username, first_name, last_name, email, country, postcode, city, state, date_registered
📸 Screenshot Preview
🛡️ WhiteIntel.io Access Infostealers Check
⚔️ Tactics, Techniques, and Procedures (TTPs)
| Tactic | Technique ID | Description |
|---|---|---|
| Collection | T1530 | Structured database table dumps |
| Exfiltration | T1041 | Data removed via SQL extraction |
| Extortion | T1499 | Ultimatum issued to coerce response from victim |
| Impact | T1589.002 | Customer email and location data exposure |
🚨 Potential Risks
- Exposure of Israeli citizens' full names, emails, and residential information
- Spam, phishing, and social engineering targeting ZIP customers
- Regulatory concerns under Israeli and international data protection laws
- Financial or brand damage to ZIP and its parent entity
- Potential credential reuse if passwords are included in the dump
✅ Recommended Security Actions
- Contact the threat actor using law enforcement or negotiator channels
- Inform affected individuals promptly and advise caution around phishing attempts
- Investigate any database vulnerabilities or misconfigurations
- Patch exposed services and perform credential resets if applicable
- Monitor for reposts or mirrored dumps on other dark web forums
💡 Final Thoughts
If confirmed, this breach represents another instance of regional retailers being targeted for customer PII. With detailed database structure and timestamps included, the data appears authentic. ZIP must act quickly to assess and mitigate the potential fallout.
![IOC Alert: Lumma Stealer C2 Domain Identified – larpfxs[.]top](/content/images/size/w1304/format/webp/2025/08/23985762398576198764252-1.jpg)
