On Saturday night, the hacker organisation "Black Shadow" released data from a number of Israeli companies, including the LGBTQ dating app "Atraf," the Dan bus company, and the Pegasus tour booking company. Following similar threats, they exposed data from the Kavim bus app earlier in the day. “They did not contact us ... So first data is here,” the group wrote on Telegram, attaching a snapshot of what appeared to be a database of personal information about Israeli individuals. "It will be more if you do not contact us," the organisation added.
On Saturday afternoon, Kavim issued a statement stating that they were aware of the security incident. “As soon as the incident became known to us, the company contacted the Transport Ministry, the Cyber Security Headquarters, and also hired external professionals in the field to complete a comprehensive, professional and independent investigation into the incident.”
According to the group, the Atraf website's database had information on one million people. Atraf is a geo-located dating service and nightlife index whose app and website are popular among Israel's LGBT community.
“If we have $1 million in our [digital] wallet in the next 48 hours, we will not leak this information and also we will not sell it to anybody." The hacker group stated, "This is the best thing we can do," emphasising that it had access to users' chat content as well as event ticket and purchasing information.
Some Atraf users' names and locations, as well as the HIV status that some users had posted on their profiles, have already been made public. The Israel AIDS task force told the Walla news site in a statement that they were deeply concerned by the news. The idea that a person's HIV positive status could be revealed without their consent disturbs the task force.
The Black Shadow hackers have yet to release the data troves they claim to have, despite the fact that the websites that were breached have been down since the attack was announced, as the hackers turned off the Cyberserve servers, thus shutting down their clients' websites.
The organisation sought bitcoins as ransom and shut down the servers when Cyberserve failed to make payment. It was previously responsible for assaults on Israeli vehicle insurance firm Shirbit and finance company KLS. In December 2020, Shirbit was the target of the greatest hack against an Israeli company at the time, with Black Shadow demanding 50 Bitcoins (almost $1 million at the time) as ransom.