6.5m israeli 3.2m monday cimpanu On Monday, the voter registration and personal information of millions of Israelis were released online, just two days before the country’s general elections for the Knesset, its unicameral parliament.
The exposed data contained voter registration information for 6,528,565 Israelis and personal information for 3,179,313 of Israel’s estimated 9.3 million overall population.
The latter contained information such as full names, phone numbers, ID card numbers, home addresses, gender, age, and political inclinations.
According to claims from Israeli media, a threat actor calling itself “the Israeli Autumn” claimed responsibility for the leak. The media said they got emails over the weekend including links to a Ghostbin page storing the data.
Raveed Laeb, product manager at Israeli threat intelligence business KELA, told The Record on Wednesday that since Monday, the material has been freely circulated on several Telegram channels. Laeb discovered his own personal information among the hacked files.
According to the hacker, this information originated from Elector, the website of an app produced by Elector Software for Likud, the Israeli political party led by current prime minister Benjamin Netanyahu.
In February of 2020, an Israeli web developer named Ran Bar-Zik discovered that the app’s website exposed an API endpoint that allowed him to obtain a list of site administrators and their account information, including passwords.
Bar-Zik claimed he was able to access a database containing the personal information of Israeli voters by using these passwords.
The findings, which Zik revealed in a blog post, sparked a major media scandal in Israel in early 2020, as political parties are allowed access to Israel’s entire voter database for purposes such as political campaign planning but are not allowed to share this information with third parties.
At the time, Bar-Zik reported the app’s website flaw to its parent firm, but the web developer also cautioned that it was unclear if other parties discovered the same problem before him and if they exploited the API to gather the voter registration information of Israeli residents.
However, Elector CEO Tzur Yamin has disputed that this information originated from his company, both in a private conversation with The Record and in an interview with the Israeli publication The Calcalist, where he claimed he was the target of an attempt at blackmail.
Despite a claim from The Times of Israel indicating a connection between the two instances, Bas-Zik, who reported on this new leak for the Israeli news agency Haaretz, was unable to establish a link between it and Elector.
Several Israeli political experts suggested last week that the data may have been leaked to harm the Likud party’s public image and credibility; nevertheless, the leak appears to have had little effect, as Likud is predicted to win the March 2021 Knesset elections.
The article has been amended to include the CEO’s words regarding the extortion attempt and to explain that the link between the 2020 event and this leak has not been formally established. 6.5m israeli 3.2m monday cimpanu