An Iranian-linked hacker group released on Tuesday a massive data dump from LGBTQ dating app Atraf, in what the Israel Internet Association called "one of the most serious attacks ever on privacy in Israel."
The app, popular with the LGBTQ community, had a 700-megabyte file stolen with information of about 1 million listings with full details about the users, including information such as sexual orientation and HIV status.
Over the weekend the group, Black Shadow, released a file containing about 1,000 user profiles from Atraf and said it would publish the remainder if its demand for payment was not met. On Tuesday, the 48-hour deadline it gave for paying $1 million expired.
CyberServe, which hosts the Atraf app, hired a cyber-crisis company named Code Blue, and released its first public statement after the hack: “This is a planned and focused Iranian awareness attack against Israeli citizens and the gay community. We warned the Israeli authorities about the hackers’ intention of publishing the listings, and asked for the immediate removal of the Telegram accounts. We are continuing to cooperate with the National Cyber Directorate and the Privacy Protection Authority, and we are stressing the need to prevent publication.”
“We’re asking surfers and media outlets to do everything possible to prevent the publication of personal details and materials, and to report on any suspicious requests to the appropriate legal authorities. The company has not conducted negotiations with the Iranian hacking group. The company is taking all the necessary steps to control the damage and end the incident. We are aware of Atraf users’ fears and have placed an information hotline at their disposal to answer questions.”
“What we expect from technology giants, including Facebook and Google, is for them to remove the content as soon as possible if it’s published on their platforms. This is a matter of life and death. At the same time, the government must act with all the legal and technological tools at its disposal in order to prevent and remove publication of the sensitive information.”
Yoram Hacohen, CEO of the Israel Internet Association, added that, “at this time Israeli citizens are experiencing cyberterrorism. It is terrorism for all intents and purposes, and now we have to focus on minimizing the damage and suppressing the dissemination of the content as much as possible.”
- Does Crime Pay? A Conversation With a Hacker Targeting Israel
- Cyberattack Sets Major Israeli Hospital Back Decades
- Microsoft: Iran-linked Hackers Breached Israeli, U.S. Security Firms' Accounts
In the wake of the incident, there will be a discussion on Monday in the Knesset Constitution, Law and Justice Committee entitled: “Protection of privacy in the social media with the increase of cyberattacks; does Israel have the legal tools to protect the privacy of its citizens.” The discussion is being held at the request of the Israeli NGO, Privacy.
The director of the Cyber Unit in the State Prosecutor’s Office, Dr. Haim Wismonsky, said that the unit will continue to take steps to reduce and disrupt the activity of cyber criminals, in order to protect the privacy and safety of Israeli citizens on the internet.
Google has blocked access to the websites of the Black Shadow group following a request from the unit’s staff. Additionally, the Telegram has blocked another two channels belonging to the group, in which personal information obtained by hacking databases was disseminated.”
The Black Shadow hackers have also leaked other information documents, one from the Dan public transit company and another from the Pegasus tourism company. Pegasus’ document also include unhashed passwords, email addresses and telephone numbers. Earlier on Sunday, the hackers released information from the Kavim public transit company. The Atraf leak is particularly sensitive, though, due to its LGBTQ user base.