Israeli Medical Data Leaked in Ongoing Cyberattack by Iran-linked Hackers

Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
Atraf's homepage.
Atraf's homepage.

An Iran-linked hacking group that had breached the servers of an Israeli web hosting site started leaking more databases of personal information on Wednesday, including from a medical clinic.

The database from the Machon Mor chain of health clinics is one of the most sensitive troves of personal information stolen by the Black Shadow hacker group, as it includes medical information. Although the database was taken from respondents to the website’s “contact us” page, many people included in those messages the ailments from which they were suffering or the details of the treatment they wish to receive.

LISTEN: 'Biden has only one real option on Iran. Israel will have to live with it'

-- : --

Wednesday’s leak also included subscribers to the 103 FM and 104.5 FM radio stations, a database from the LockerAmbin furniture company, and other firms. In each case, many thousands of lists of user information were leaked to the internet, some of which include identifying information.  

The leak began on Sunday, after hackers from the Black Shadow group infiltrated the servers of the Israeli web hosting site Cyberserve, and started disseminating the data it had stolen from the LGBTQ dating site Atraf. After their $1 million ransom was not met, they tried to sell some of Atraf’s database. Some of the personal information started to appear on the internet, and these personal details continued to reappear throughout the web.

An Israeli court ordered the country’s internet providers on Wednesday to block access to all the websites that were breached in the hack. The State Prosecutor’s Office’s Cyber Department urgently requested that the Tel Aviv Magistrate’s Court issue the order, so as to curb the leaks as much as possible.

Judge Or Reuven Mammon acceded to the request, and ordered all the personal information that was leaked from Cyberserve’s website be erased throughout the internet, in order to reduce the potential damage. The Justice Ministry said that internet service providers have already started blocking websites whose databases were leaked. The order also blocks searches for the leaked information.   

The Israeli authorities’ tools for blocking these sites are limited. Judge Mammon’s order emphasized that the encrypted messaging platform Telegram be blocked, as it has been the main source for leaking the databases. In practice, the state cannot block the app. It also cannot block internet users from outside the country.

Also on Wednesday, the Privacy Protection Authority said that it was opening an investigation into Cyberserve and Atraf, on suspicion of negligence in securing the sensitive information they collected before the cyberattack. The authority added that it has forbidden the company from bringing its website back online until further notice.

The authority, its announcement said, ordered the company to personally explain to each victim whose information was leaked exactly which details were disseminated, and what they must do in order to reduce the potential damage. Despite this, reports from Atraf users say that most have not been notified by the company about the leak.

The authority also warned the public against downloading the Atraf database, which is a criminal offense.

Click the alert icon to follow topics: