Netanyahu's party exposes data on over 6.4 million Israelis (Feb 10, 2020)
Verizon Media researcher Ran Bar-Zik found that a misconfiguration in an election-related application resulted in the leak of Personally Identifiable Information (PII) associated to approximately 6.5 million Israeli citizens. The data was exposed because of an API endpoint left unsecured without a password. The application, called “Elector”, was created by the party of Israeli prime minister, Benjamin Netanyahu. The data consisted of: age, full name, gender, home address, ID card numbers, and political preferences. As of this writing, it is unknown if the data was illicitly accessed.
Recommendation: The exposure of Personally Identifiable Information (PII) requires affected individuals to take precautionary measures to protect their identity and their finances. Identity theft services can assist in preventing illicit purchases, or applying for financial services from taking place by actors using stolen data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.