Dark Web Informer - Cyber Threat Intelligence

Alleged Data Breach of Israeli Fashion Chain ZIP

🏢 About ZIP

ZIP is a leading Israeli fashion brand specializing in youthful Italian-style clothing and accessories. Founded in 2003 by Ze’ev Aharonson, ZIP operates 54 retail locations across major malls in Israel, with headquarters in Afek Park, Rosh HaAyin, and a workforce of around 450 employees.


⚠ Disclaimer

This report includes actual screenshots and/or text that may include unredacted personally identifiable information (PII) gathered from publicly available sources.
The sensitive information presented within this report is intended solely for cybersecurity awareness and threat intelligence purposes.


📌 Overview

On July 30, 2025, a user named darkcrew posted on a known underground forum offering for sale a 2GB SQL file allegedly containing sensitive customer and user data from ZIP's internal systems. The post includes a 72-hour ultimatum to ZIP Group to respond, or else the full data set will be leaked for free.


📊 Key Details

| Attribute | Information |
| --- | --- |
| Date | 2025-07-30, 08:48:48 AM |
| Threat Actor | darkcrew |
| Victim Country | 🇮🇱 Israel |
| Industry | Fashion & Apparel |
| Victim Org. | ZIP |
| Victim Site | zipnet.co.il |
| Category | Data Breach |
| Severity | Medium |
| Network | Open Web (darkforums.st) |


🔗 Claim Post (Plain Text)

https://darkforums.st/Thread-Selling-Data-Breach-of-Leading-Israeli-Fashion-Chain-ZIP


📢 Threat Actor’s Claim

darkcrew states the following:

  • The breach includes a 2GB SQL file with sensitive data
  • Exfiltrated tables include customer IDs, usernames, full names, emails, registration timestamps, country, city, and more
  • The post references celio_db and appears to show raw SQL dump content
  • An ultimatum was issued: if ZIP does not respond within 72 hours, all data will be leaked publicly
  • Contact is offered via a session token: 05ad8612408171da863d069bac2d0d1c98e2d83a404727798801f590a66a5b7a09

Sample fields shown:
customer_id, user_id, username, first_name, last_name, email, country, postcode, city, state, date_registered


⚔️ Tactics, Techniques, and Procedures (TTPs)

| Tactic | Technique ID | Description |
| --- | --- | --- |
| Collection | T1530 | Structured database table dumps |
| Exfiltration | T1041 | Data removed via SQL extraction |
| Extortion | T1499 | Ultimatum issued to coerce response from victim |
| Impact | T1589.002 | Customer email and location data exposure |

🚨 Potential Risks

  • Exposure of Israeli citizens' full names, emails, and residential information
  • Spam, phishing, and social engineering targeting ZIP customers
  • Regulatory concerns under Israeli and international data protection laws
  • Financial or brand damage to ZIP and its parent entity
  • Potential credential reuse if passwords are included in the dump

✅ Recommended Actions

  • Contact the threat actor using law enforcement or negotiator channels
  • Inform affected individuals promptly and advise caution around phishing attempts
  • Investigate any database vulnerabilities or misconfigurations
  • Patch exposed services and perform credential resets if applicable
  • Monitor for reposts or mirrored dumps on other dark web forums

💡 Final Thoughts

If confirmed, this breach represents another instance of regional retailers being targeted for customer PII. With detailed database structure and timestamps included, the data appears authentic. ZIP must act quickly to assess and mitigate the potential fallout.
