A misconfiguration in an election day app developed by Likud, the party of Israeli prime minister Benjamin Netanyahu, may have potentially exposed and compromised the personal details of almost 6,5 million Israeli citizens.
The leak was discovered and detailed today by Ran Bar-Zik, an Israeli-born frontend developer for Verizon Media.
It is unclear if the exposed server and data was harvested by unauthorized parties before Bar-Zik's discovery and public disclosure. Local Israeli media like Haaretz, Calcalist, and Ynetconfirmed Bar-Zik's findings.
HOW THE LEAK WAS DISCOVERED
According to Bar-Zik, he discovered the leak while performing a security audit of Elector, an app developed by Elector Software for Likud, an Israeli political party led by the country's current prime minister Benjamin Netanyahu.
Bar-Zik said he looked into the app after local media surfaced several privacy-related issues about the app in recent weeks, such as problems with the app allowing users to register other users for SMS-delivered news without their consent.
According to local media, the Likud party ordered the app to allow political supporters to sign up for news and updates during the upcoming Israeli legislative election, to be held on March 2, next month.
The app was made available for download on the elector.co.il website.
In a blog post today, Bar-Zik said this website contained more information than it should.
The developer said the site's source code included a link to an API endpoint that was supposed to be used to authenticate the site's administrators.
At the time of writing, the Electoral app's official website has been taken down and removed from the cache of search engine like Google and Bing, to prevent further access to the site's source code and admin API endpoint.
In his blog post, Bar-Zik said the app's developers failed because they left an API endpoint exposed without a password and then failed again when they didn't secure admin accounts with a two-factor authentication mechanism.
Last year, ZDNet reported about similar leaks that exposed the voter databases of entire countries, namely Chile and Ecuador.
However, this one is much worse, largely due to Israel's position in the Middle East and its tensed relations with neighboring Arab countries.
