Hacker Reveals Breach Exposing Flight Histories of Netanyahu Family, Other Israeli Officials

System also contains data on 700,000 visa applications submitted by Israeli citizens to foreign embassies

Amitai Ziv
Amitai Ziv
File photo: The Netanyahu family on a flight back to Israel after their first official visit to the United States, 1996.
File photo: The Netanyahu family on a flight back to Israel after their first official visit to the United States, 1996.Credit: Yaakov Saar / GPO
Amitai Ziv
Amitai Ziv

A security breach revealed in a system used by major Israeli travel agencies risks exposing flight itineraries of Prime Minister Benjamin Netanyahu and his family, as well as other senior Israeli officials.

The system, operated by Amadeus IT Group, also contains data on 700,000 visa applications submitted by Israeli citizens to foreign embassies, including details of interviews and whether their applications had been approved or rejected.

The hacker who exposed the breach asked to remain anonymous, and explained that Amadeus "provides services to a vast part of Israel's travel agencies ... and the government firm Inbal. [It] documents every flight and hotel booked by the travel agencies, saving data dating back 15 years."

The data can be obtained online via a technique known as SQL injection, in which code is added to a web form, making it possible to access or alter online resources.

"This mass data is accessible to everyone and is especially sensitive since it contains information about senior government and defense establishment officials, who use the sercies of travel agencies that employ this system," the hacker said.

The hacker noted that the database contains 15 million records and an option to send queries. He explained that in order to search for data on Prime Minister Benjamin Netanyahu and his family he just had to write Netanyahu in the query box.

Furthermore, email addresses through which the flights and hotels were booked can also be obtained.

Once Amadeus and the Israel National Cyber Directorate made aware of the security breach, they immediately acted to rectify it.

Amadeus said in a statement: "On May 20, the company learned about a settings failure on its platform, which Israeli travel agencies use to receive benefits and book reservations, thus enabling an illegal and unauthorized access to flight itinerary data. Our cybersecurity team immediately acted and succeded in fixing the security breach."

Click the alert icon to follow topics:

Comments

SUBSCRIBERS JOIN THE CONVERSATION FASTER

Automatic approval of subscriber comments.

Subscribe today and save 40%

Already signed up? LOG IN

ICYMI

Election ad featuring Yair Lapid in Rahat, the largest Arab city in Israel's Negev region.

This Bedouin City Could Decide Who Is Israel's Next Prime Minister

Dr. Claris Harbon in the neighborhood where she grew up in Ashdod.

A Women's Rights Lawyer Felt She Didn't Belong in Israel. So She Moved to Morocco

Mohammed 'Moha' Alshawamreh.

'It Was Real Shock to Move From a Little Muslim Village, to a Big Open World'

From the cover of 'Shmutz.'

'There Are Similarities Between the Hasidic Community and Pornography’

A scene from Netflix's "RRR."

‘RRR’: If Cocaine Were a Movie, It Would Look Like This

Prime Minister Yair Lapid.

Yair Lapid's Journey: From Late-night Host to Israel's Prime Minister