All 6.5 million voters in Israel have just had their personal data leaked, reports the New York Times. The full names, addresses, and identity card numbers are among the information that was leaked about every eligible voter in the country. In some cases, phone numbers were also leaked.
The leak happened through a vulnerability of the website promoting an app called Elector. The app itself, however, did not leak the data. The NYT says a flaw was found on the website of the app that allowed anyone to right-click on the website to view its source code. Inside that source code was the user names and passwords for the website’s admins. Anyone who found these usernames and passwords could then log into the site and download a database with information for every voter in Israel.
The flaw in the website was discovered on Friday by an anonymous tipster who disclosed the vulnerability to the Haaretz newspaper. It’s unknown whether anyone actually took advantage of the flaw; however, doing so would take no hacking skills whatsoever. Anyone who knew about the flaw could access the data with a few clicks.
After news of the flaw broke, Elector issued a statement to Israeli news media claiming that the event was a “one-off incident that was immediately dealt with.”