The voter registration and personal details of millions of Israeli citizens were leaked online on Monday, just two days before the country held general elections for its unicameral parliament, known as the Knesset.

Exposed information included the voter registration details of 6,528,565 Israelis and the personal details of 3,179,313 of Israel’s estimated 9.3 million total population.

For the latter, details like full names, phone numbers, ID card numbers, home addresses, gender, age, and political preferences were included.

A threat actor calling itself “The Israeli Autumn” took credit for the leak, according to reports from Israeli media, who said they received emails over the weekend with links to a Ghostbin page hosting the data.

But since Monday, the data has now been widely shared on multiple Telegram channels, Raveed Laeb, Product Manager at Israeli threat intelligence firm KELA, told The Record on Wednesday, after finding his own personal details in the leaked files.

Elector-leak-Telegram
Image: The Record
Elector-leak-full
Image: The Record

According to the hacker, the source of this data is Elector, the website of an eponymous app developed by a company named Elector Software for Likud, the Israeli political party led by the country’s current prime minister Benjamin Netanyahu.

In February 2020, an Israeli web developer named Ran Bar-Zik, found that the app’s website had left exposed an API endpoint that allowed him to get a list of the site’s admins and their account details, including passwords.

Elector-site-leak
Image: Ran Bar-Zik

Using those passwords, Bar-Zik said he was able to access a database containing the personal details of Israeli voters.

Bar-Zik’s discoveries, detailed in a blog post, caused a major media scandal in Israel in early 2020 because while political parties are granted access to Israel’s full voter database for reasons like political campaign planning, they are not supposed to share this data with third-parties.

At the time, Bar-Zik reported the app’s website snafu to its parent company, but the web developer also warned that it was unclear if other parties found the same issue before him and if they exploited the API to harvest the voter registration data of Israeli citizens.

However, Elector CEO Tzur Yamin has denied that this data came from his company, in both a private conversation with The Record and to Israeli newspaper The Calcalist, where he said he was the subject of an extortion attempt.

Bas-Zik, who reported on this new leak for local news agency Haaretz, was also unable to link the leak to Elector, despite a report from The Times of Israel suggesting the two incidents are connected.

Several Israeli political experts have theorized this week that the data could have been leaked to damage the Likud party’s public image and trust; however, the leak doesn’t appear to have had any impact as Likud is expected to win the March 2021 Knesset elections.

Article updated to add the Elector’s CEO statements about the extortion attempt and clarify that the link between the 2020 incident and this leak are yet to be formally proven.


administrator

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Freelance writer