A misconfiguration in an election day app developed by the N
Bar-Zik explained that he discovered the huge trove of data while was performing a security audit of the Elector app developed by
“Netanyahu is actually sending Likud activists into a serious security breach, one of the most serious that has been exposed in recent years in Israel.” reads the post published by Calcalist. “Because a major security failure in
At the time it is not clear if the leaked information was accessed also by unauthorized parties before it was discovered.
The Likud app was designed to allow the party’s political supporters to sign up for news and updates during the upcoming Israeli election, on March 2.
The party p
The analysis of the source code of the app revealed the presence of a link to an API endpoint that used to authenticate the site’s administrators.
The expert pointed out that the API doesn’t require any authentication to be used to query the application are receive the site’s administrators’s data in
Once obtained the credentials, Bar-Zik used them access to the site’s
The database was an official and up to date copy of Israel’s voter registration database, which each managed by any party before the election.
“The information includes the ID number, full name, full address, father’s name, ballot and voting address and voter ID – information that actually identifies all the senior citizens of Israel. This information was particularly up-to-date and comprehensive.” continues the post. “Bar Zick himself said that following an apartment move, he updated his address in the Interior Ministry just three weeks ago. His latest address appeared in the uncovered database.”
The records in the database included personal details such as full name, phone number, ID card numbers, home addresses, gender, age, and political preferences.
Following the discovery of the data leak, the official website of the Elector app has been taken down.