A security breach in an election app exposed the sensitive personal information of nearly 6.5 million Israelis to hackers, according to Israeli media reports.
News of the data breach comes just three weeks before the countryโs national election on March 2.
The security flaw was found on the mobile-based application, Elector designed by the Israeli software company Feed-b. This app is being used by Israelโs Prime Minister Benjamin Netanyahu and his Likud party for campaign management and to offer news and information on the upcoming election to voters.
According toย Haaretz, the breach discovered by a programmerย in the Electorโs system could have potentially exposed the names, addresses, ID numbers, polling stations of eligible Israeli voters along with their phone numbers in many cases, gender and whether they were potential Likud voters.
Ran Bar-Zik, a senior developer at Verizon Media, who spotted the breach and reported it to Israelโs cyber headquarters, said that โwhen we talk about hacking, we imagine people in hoodies doing technical stuff.โ But in this case, no technical skills were needed.
He also added that the information present on the app would be extremely valuable if it were released.
โThis is a rare treasure trove of information on no less than 6,453,254 Israeli citizens that any foreign government, intelligence organization, or commercial company would like to own,โ Bar-Zik said.
The Likud party admitted that it had “thwarted an attempt” to damage a digital platform. The party also tried to transfer the blame on the app by saying that โit should be emphasized that this is an external software provider providing services to many parties.โ
Following the discovery, the Likud party said that the โsecurity of the site has been enhancedโ. The Privacy Protection Authority said in a statement it was looking into the Elector incident and stated that responsibility for obeying with Israeli privacy law involving the use of the voter registry โlies with the parties themselves.โ
Feed-b, the developer of the application, commented on the vulnerability as a โone-off incident that was immediately dealt with,” and said it had since strengthened the siteโs security.
Itโs unclear whether any information from the app had been downloaded before the security issue was addressed.