Recently, attackers calling themselves “The Israeli Autumn” have published archives containing the full names, phone numbers, ID card numbers, home addresses, gender, age, and political preferences for over 3 million Israeli citizens. The archives also contained the full voter registration for over 6 million Israeli citizens, as initially reported by The Record. The breach, occurring two days before Israel’s general elections, originated from an exposed API endpoint in an app designed by Likud (the Israeli political party led by the country’s current prime minister Benjamin Netanyahu). This exposed endpoint was reported initially in Feb 2020 by an Israeli web developer named Ran Bar-Zik; however, the app developer warned that they were unsure if more people (like The Israeli Autumn”) exploited the vulnerability.
As the leaked data included a lot of personally identifiable information, Binary Defense warns all Israeli citizens that they may be victims of phishing attacks using the breaches as a springboard. Additionally, Binary Defense recommends investing in a service like Binary Defense’s Counterintelligence team to receive alerts when personally identifiable information appears on forums.