On Monday, several millions of Israeli citizens faced harassment when their personal details like voter registration were leaked online, just two days prior to the general elections held in the country for its unicameral parliament, called Knesset.
The exposed data included voter registration details of 6,528,565 people and also the personal details of 3,179,313 Israelis amongst the total population of 9.3 million.
In the case of the latter, personal details like phone numbers, full names, ID card numbers, age, gender, home addresses and political preferences were present.
According to reports from the Israeli media, a threat actor who called himself ‘The Israeli Autumn’ has taken credit for the incident, as they kept on receiving emails over the weekend regarding links to a Ghostbin page that was hosting the entire data.
However, since Monday, the data has been widely shared around through several Telegram accounts, as per the product manager at Israeli threat intelligence firm KELA, Raveed Lab, who shared these personal findings with The Record, after seeking his own details getting leaked as well.
As per the hacker, the source of all this data is the website of an eponymous app, called Elector, which was developed by a company named Elector Software, who worked for Likud, which is the Israeli political party led by the current prime minister of Israel, Benjamin Netanyahu.
In February 2020, a web developer from Israel named Ran Bar-Zik discovered that the website of the app had left an API endpoint completely exposed, which allowed him to achieve a list of the site admins and even their account details, including security codes and passwords.
Bar-Zik said he was able to acquire a database that has personal details of the Israeli voters using those passwords. His discoveries, which were noted in a blog post, caused a huge scandal in Israeli media in early 2020. This happened because even though the political parties are provided with access to a full database of Israeli voters, which is supposed to be used for planning political campaigns and other related things, they are not allowed to share this information with a third party.
Bar-Zik reported the website of the apo to its parent company, and the web developer also made them aware of the possibilities of other political parties finding this issue before him and the chances of them exploiting the API to access the voter registration data of Israeli people.
Elector CEO, Tzur Yamin has denied any chances of this data coming from his company, when he communicated with The Record in private and the Israeli newspaper The Calcalist.
Even Bar-Zik was unable to connect the leak to the Elector, despite a report made by The Times of Israel which suggested that the two incidents were highly connected.
Many Israeli politicians and political experts have made theories regarding this that the data might have been leaked to sabotage the image of the Likud party.