Israeli Marketplace Yad2 Breach Exposed 50,584 User Records

HEROIC analysts identified a database breach affecting Yad2, Israel's leading classified ads marketplace, on August 4, 2024. The breach exposed 50,584 user records, with compromised data including phone numbers and usernames. Yad2 operates across real estate, vehicles, jobs, services, and second-hand goods, making its user base a high-value target for threat actors seeking contact information tied to active buyers and sellers.

Why This Is Dangerous: With phone numbers and usernames in hand, attackers can launch targeted SMS phishing (smishing) campaigns impersonating Yad2 to steal payment credentials. Usernames enable account enumeration, allowing adversaries to test credentials across other platforms. Buyers and sellers on classified ad platforms frequently exchange personal contact details as part of normal transactions, making them particularly vulnerable to social engineering designed to mimic legitimate marketplace activity.

What Was Exposed

• Phone Number
• Username

Why This Matters

Phone numbers are persistent identifiers that do not change like passwords. Once exposed, they enable smishing attacks, SIM-swap fraud, and two-factor authentication bypass. Combined with usernames, attackers can craft convincing, personalized messages that appear to come from Yad2 or other services the victim uses. This data combination supports account takeover attempts, identity fraud, and targeted marketplace scams that exploit the trust users place in the platform.

How Database Breaches Work

A database breach occurs when an attacker gains unauthorized access to a backend database and extracts stored records. This can happen through SQL injection attacks that manipulate poorly sanitized queries, through compromised administrative credentials obtained via phishing or credential stuffing, or through misconfigured database servers exposed to the public internet. Once inside, attackers can copy entire tables of user data in minutes. The extracted data is then typically sold or shared on dark web forums, where it reaches a wide range of malicious actors.

Check If You Are Affected

If you have ever registered on Yad2 or used its services, your phone number and username may be among the 50,584 records exposed in this breach. Use the HEROIC free identity scanner to check whether your information appears in this breach or any of the 400 billion+ records in our database. Early detection gives you time to act before attackers do.