Information on over 300,000 Israelis leaked as Iranian hackers target travel booking sites

0

Iranian hackers recently hacked into a number of popular Israeli travel booking sites, managing to obtain the personal information of more than 300,000 Israelis.

The incident happened two weeks ago and was confirmed by the Israel Privacy Authority on Thursday evening.

The attack affected websites operated by Gol Tours LTD, a tourism company that owns more than 20 travel booking websites.

The leaked information includes phone numbers, addresses, booked vacation dates and locations, and sensitive medical information, the authority said in a statement.

The affected websites would be: hotel4u.co.il, booking-hotels.co.il, booking-kibbutz.co.il, mlonot.co.il, noapass.co.il, gol.co.il, funtoursisrael. co. il, ortal.net, come2israel.co.il and come2israel.com.

The Privacy Authority says it immediately contacted the owner of Gol Tours LTD after the hack, in a bid to address security loopholes the hackers took advantage of, but were met with a denial to cooperate.

“The required changes have not been made,” the authority said, noting that it had launched an investigation into the incident.

A screenshot of the homepage of Israeli travel booking site hotel4u.co.il, one of the sites hacked by Iranian hackers in June 2022. (Screenshot)

The authority also claimed, according to a Channel 12 news report, that the owner of Gol Tours LTD refused to address the security flaws as it would cost him money to do so.

The report adds that the owner also ignored instructions provided by Israel’s National Cybersecurity Directorate following the hack, intended to help the company strengthen its security and prevent additional information from being leaked to hackers. .

In an unprecedented move in Israel, law enforcement officials raided the company’s offices on Thursday and seized its servers until an investigation was completed.

“In the event of an immediate failure to report a serious security breach and failure to cooperate in accordance with the guidelines, the authority will take decisive action to protect the personal information of the public, including the effective cessation of operations of the l ‘company,” the Privacy Authority said in a statement.

The authority said it hopes the unusual step taken in this case serves as a warning to other website owners who may consider not reporting security flaws in the future.

Responding to the allegations, the owner of Gol Tours LTD dismissed the allegations and said that the authority treated him worse than Iranian hackers ever did.

“I never said I wouldn’t upgrade [the company’s online security measures] because it would cost me money, never,” he told Channel 12.

“The Iranians only took names and phone numbers from our site. We do not store credit card numbers in our system. The authority had sent us a defective document and did not respond to our messages,” he explained.

“We have one of the best security companies in the country,” he continued, “Those who hacked into our websites are the same ones who hacked into hospitals. We know how to handle them, but we wouldn’t have never imagined that we would be hurt more by Israel than by the Iranians.

The incident comes weeks after Israeli communications companies were instructed to step up cybersecurity, as the government launched a new initiative to protect the country from online attacks amid a rise in hacks targeting people. Israeli websites.

As part of the reform, major Israeli communications companies are required to implement detailed plans to identify and prevent future cyberattacks targeting communications networks. Companies must now adhere to unified standards.

Numerous alleged Iranian cyberattacks against Israel have been reported in recent years.

In April, a group of pro-Iranian hackers claimed responsibility for a DDoS cyberattack that temporarily blocked the Israel Airports Authority website.

Last year, a ransomware cyberattack targeted Hillel Yaffe Medical Center in Hadera, completely shutting down its computer system. Days later, the National Cybersecurity Directorate said it had foiled a wave of attempted cyberattacks targeting other Israeli hospitals and health centers.

In 2020, various Israeli websites targeted by Iranian hackers as part of Iran’s Quds Day released video simulating bombed Israeli cities and messages threatening the destruction of the Jewish state.

According to data released by cybersecurity firm VirusTotal in October last year, Israel was the country most affected by ransomware between January 2020 and October 2021.

It’s not (only) about you.

Supporting The Times of Israel is not a transaction for an online service, like subscribing to Netflix. The ToI Community is for people like you who care about a common good: to ensure that balanced and responsible coverage of Israel continues to be freely available to millions of people around the world.

Of course, we’ll remove all ads from your page and you’ll have access to great community-only content. But your support gives you something deeper than that: the pride of joining something that really matters.

Join the Times of Israel community

Join our community

Already a member? Log in to stop seeing this

You are a dedicated reader

That’s why we started The Times of Israel ten years ago – to provide discerning readers like you with must-read coverage of Israel and the Jewish world.

So now we have a request. Unlike other media, we don’t have a paywall in place. But since the journalism we do is expensive, we invite readers to whom The Times of Israel has become important to help support our work by joining The Times of Israel community.

For just $6 a month, you can help support our quality journalism while benefiting from The Times of Israel WITHOUT ADVERTISINGas well as access Exclusive content only available to members of the Times of Israel community.

Thanks,
David Horovitz, founding editor of The Times of Israel

Join our community

Join our community

Already a member? Log in to stop seeing this

Share.

Comments are closed.