6.5m Israeli voters' data exposed by software glitch

NEW YORK • A software flaw exposed the personal data of every eligible voter in Israel - including full names, addresses and identity card numbers for 6.5 million people - raising concerns about identity theft and electoral manipulation, three weeks before the country's national election.

The security lapse was tied to a mobile app used by Prime Minister Benjamin Netanyahu and his Likud party to communicate with voters, offering news and information about the March 2 election.

Until it was fixed, the flaw made it possible, without advanced technical skills, to view and download the government's entire voter registry, though it was unclear how many people did so.

How the breach occurred remains uncertain but Israel's Privacy Protection Authority, a unit of the Justice Ministry, said it was looking into the matter - though it stopped short of announcing a full-fledged investigation.

The app's maker, Elector Software, played down the potential consequences, describing the leak as a "one-off incident that was immediately dealt with" and saying it had since bolstered the site's security.

The flaw was first reported on Sunday by Israeli newspaper Haaretz.

Explaining the ease with which the voter information could be accessed, programmer Ran Bar-Zik, who revealed the breach, explained that visitors to the Elector app's website could right-click to "view source", an action that will then reveal the code behind a Web page.

That page of code included the user names and passwords of site administrators with access to the voter registry. Using those credentials would allow anyone to view and download the information.

"Jackpot!" he said on Monday. "Everything was in front of me!"

One Israeli website said it had been able to access the personal information of, among others, Mr Netanyahu, his wife Sara, Israeli military chief of staff Aviv Kochavi and domestic security agency Shin Bet's head Nadav Argaman.

Mr Bar-Zik said he received a tip-off about the problem last Friday.

The message was sent in English to Cybercyber, a podcast he hosts with two colleagues, and as evidence the tipster included Mr Bar-Zik's own details from the voter registry and those of his wife and son.

"It was spooky," he said.


A version of this article appeared in the print edition of The Straits Times on February 12, 2020, with the headline '6.5m Israeli voters' data exposed by software glitch'. Subscribe