Date: 2022-10-30

A breach in the Shas party’s election database has once again exposed the complete voter register of the State of Israel, containing detailed information on millions of citizens across the country.

A long-standing weakness left the Shas voter management system open to hackers with minimal technological knowledge, allowing access to phone numbers, family connections and a host of personal details, all without specialist tools and using only a web browser.

The failure that can be exploited to penetrate the system is an old and well-known weakness in PHP-based systems: a debugger (software error checker) that is accessed through a web interface was installed on the system. It is highly unusual to install a debugger on a “live website”, because anyone can enter it using any browser, see all website operations and extract information about the active “cookies” of the users.

The personal information exposed in the hack includes, first, the complete voter register, which contains first names, last names, ID numbers and addresses. But that’s not all: for every citizen we checked, we also found their gender, as well as landline and mobile phone numbers associated with them. For some of the numbers there is an indication of whether these devices are kosher or not.

Israeli political parties receive personal details of voters before the elections and commit to protecting their privacy, as well as not to reproduce the registry, not to provide it to a third party, and to permanently erase all the information once the election is over.

In some of the cases Haaretz examined, however, Shas’ database contained information on voting from previous elections, and even details of how the information was collected.

Shas operates a sophisticated system of documenting inquiries to members of the Knesset and party representatives and the database included a number of extremely personal inquiries, including some dealing with issues of sexual harassment and the bank account numbers of party operatives.

“The Shas party has operated a professional and reliable election program for many years, like all the other parties in Israel, and maintains a legally registered database. All information held by Shas is legally collected by it and held and preserved in accordance with the provisions of the law, overseen by the best security experts in Israel,” Shas said in a statement on Sunday.

“Today in the morning, we were informed about a fear of illegal access to the database. Immediately upon receiving a reference, and following the information provided to us, we conducted a comprehensive inspection of the database using security experts, and implemented a number of immediate changes, so that all information will be kept securely. Shas continues a comprehensive inspection of the database systems, and will act as necessary against any party found to have acted in violation of the law.”

In 2019, a hacker claimed to have broken into Israel’s voter registry and stolen information on six million Israelis, although some believed that the information released had come from a previous breach 11 years prior.

In 2020, opposition leader Benjamin Netanyahu’s Likud party uploaded the full register of Israeli voters to an application, causing the leak of personal data on 6,453,254 citizens.