A database with the names and ID numbers of all the eligible voters in Israel was leaked online by anonymous hackers on Monday, a year after an identical breach and a day before the country’s fourth election in less than two years.
The source of the data seems to be the app elector designed by the software firm Elector Software for the Israeli political party Likud. The threats some of which were sent directly to the firm, included warnings that the threat actors would leak data that was allegedly stolen from the app, as well as private information on the firm’s CEO Tzur Yemin, and his family unless the app ceases operating.
Last week, threat actors threatened to expose Israel’s full voter registry. The hackers initially shared links to download the data they claim to have stolen. The files were encrypted, while the threat actors were threatening to distribute the password unless the use of the Elector app was discontinued.
Earlier this week, the hackers revealed the password via websites that don’t require registration allowing anyone to access them. The attackers identified as ‘The Israeli Autumn’, declared they were forced to release the information due to the failure of authorities to deal with Elector.
Leaked data included the voter registration details of 6,528,565 Israelis and the private details of 3,179,313 of Israeli’s estimated 9.3 million total population (full names, phone numbers, ID card numbers, home addresses, gender, age, and political preferences).
In February 2020, an Israeli web developer named Ran Bar-Zik, discovered that the app’s web had left exposed. An API endpoint that permitted him to get a list of the site’s admins and their account details, including passwords. Using those passwords, Bar-Zik said he was able to access a database containing the personal details of Israel voters.