A security breach in an election app exposed the sensitive personal information of nearly 6.5 million Israelis to hackers, according to Israeli media reports.
News of the data breach comes just three weeks before the country’s national election on March 2.
The security flaw was found in the mobile-based application Elector, designed by the Israeli software company Feed-b. The app is being used by Israel’s Prime Minister Benjamin Netanyahu and his Likud party for campaign management and to offer voters news and information on the upcoming election.
According to Haaretz, the breach, discovered by a programmer in Elector’s system, could have exposed the names, addresses, ID numbers and polling stations of eligible Israeli voters, along with their phone numbers in many cases, their gender and whether they were potential Likud voters.
Ran Bar-Zik, a senior developer at Verizon Media, who spotted the breach and reported it to Israel’s cyber headquarters, said that “when we talk about hacking, we imagine people in hoodies doing technical stuff.” But in this case, no technical skills were needed.
He also added that the information present on the app would be extremely valuable if it were released.
“This is a rare treasure trove of information on no less than 6,453,254 Israeli citizens that any foreign government, intelligence organization, or commercial company would like to own,” Bar-Zik said.
The Likud party admitted that it had “thwarted an attempt” to damage a digital platform. The party also tried to shift the blame onto the app by saying that “it should be emphasized that this is an external software provider providing services to many parties.”
Following the discovery, the Likud party said that the “security of the site has been enhanced.” The Privacy Protection Authority said in a statement that it was looking into the Elector incident and that responsibility for complying with Israeli privacy law involving the use of the voter registry “lies with the parties themselves.”
Feed-b, the developer of the application, commented on the vulnerability as a “one-off incident that was immediately dealt with,” and said it had since strengthened the site’s security.
It’s unclear whether any information from the app had been downloaded before the security issue was addressed.