The voter registration and personal details of millions of Israeli citizens leaked online two days before the country held general elections for Knesset, its unicameral parliament.
The threat actor exposed voter registration details of 6,528,565 Israeli citizens and the personal details of 3,179,313 citizens.
The exposed information included full names, phone numbers, home addresses, gender, age, ID card numbers, and political views, according to reports from Israeli media.
“The Israeli Autumn,” the threat actor who took credit for the leak, said on the weekend, someone emailed them links to a Ghostbin page hosting the data.
Since Monday, the data has been shared on social media, including on multiple Telegram channels, Recorded Future reports.
It was determined the source of the data leak was Elector, an app developed by Elector Software for Likud, the Israeli political party headed by Benjamin Netanyahu, the current Israeli prime minister.
It turned out an Israeli web developer Ran Bar-Zik got a list of the site’s admins and their account details, including passwords, by exploiting an exposed API endpoint on the app’s website. Using the stolen passwords, Bar-Zik accessed a database containing the personal details of Israeli voters.
Bar-Zik’s detailed his discoveries in a blog post that caused a rather big media scandal in Israel in early 2020. At the time, Bar-Zik didn’t publish the voter data anywhere but only reported it and warned that other parties might have found the issue with API before him and could have exploited it to harvest the Israeli voter data.
It seems Bar-Zik’s suspicions have been confirmed this week when the voter data surfaced just a couple of days prior to the country’s parliament elections.
Some speculated that the data have been leaked purposely to damage the Likud party’s reputation and public trust. Despite the leak, though, Likud is largely expected to win the March 2021 Knesset elections.