{"uuid": "7013db70-8e06-4c64-b9ac-b50a250ae4f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38063", "type": "exploited", "source": "https://t.me/LegionServiceNews/2070", "content": "\ud83d\udcf0 Massive HYP Credit Card Database Breach: 1.7 Million Records Up for Sale  \n\nLeak Date: November 2024  \nTotal Data Volume: 1.7 million records  \nFile Type: Database  \nFile Size: Not specified  \n\n\ud83d\udea8 Organization Overview:  \nHYP, an Israeli retail company, is at the center of a significant data breach, exposing sensitive credit card information belonging to its customers. Hackers have put the entire database up for sale, claiming to sell it exclusively to one buyer. This breach demonstrates severe vulnerabilities within HYP's network security systems.\n\n\ud83c\udf0d Country: Israel  \n\ud83d\udd17 Website: hyp.co.il\n\n\ud83d\uddc2 Leak Information:  \nThe leaked data includes:  \n- Cardholder Information: Full name, ID number, phone number.  \n- Credit Card Details: Card number, expiration date, CVV, card type.  \n\n\ud83d\udc80 Terms of Sale:  \n- Full Database (1.7M records): $100,000.  \n- Sample Data (500\u20131000 records): $1 per record.  \n- The database will be sold to a single buyer to ensure exclusivity.  \n- Payment accepted in cryptocurrencies (ETH/BTC).  \n\n\ud83d\udd10 How the Data Was Acquired:  \nThe hackers exploited CVE-2024-38063, a critical vulnerability, during an email phishing campaign. By gathering IPv6 addresses from HYP's systems, they gained unauthorized access to sensitive data, resulting in the theft of the credit card database.  \n\n\ud83d\udd10 Recommendations for the Organization:  \n1. Notify affected customers and relevant authorities about the breach immediately.  \n2. Patch the exploited vulnerability and conduct a comprehensive forensic investigation.  \n3. Strengthen authentication mechanisms and improve network segmentation.  \n4. Enhance employee training to prevent phishing attacks.  \n5. Monitor for misuse of the stolen data and collaborate with cybersecurity agencies.  \n\n*\"Analyzing Leaks, Securing Tomorrow - Legion Service News\"*  \n\n#DataGuardAlert #LegionTrustFund #LegionServiceNews #Israel #Retail", "creation_timestamp": "2024-11-28T09:20:52.000000Z"}