Cyber Incident Victim: Lametayel

On December 18, 2021, the hacker group Sharp Boys publicly announced a cyberattack against two Israeli hiking websites, Tiyuli and Lametayel. The group claimed to have compromised user data and subsequently leaked personal information belonging to 100,000 individuals. The leaked datasets included email addresses, physical addresses, photographs, and telephone numbers. Sharp Boys additionally advertised the sale of information purportedly linked to approximately three million people, though the article did not confirm whether this larger dataset originated exclusively from the two breached platforms or included additional sources. The attack’s disclosure occurred on a Saturday, with Jerusalem Post reporting the incident shortly after the hackers’ announcement. No technical details regarding the attack vector, such as exploitation methods or vulnerability types, were disclosed in the available source material.

The incident exposed sensitive personal information of Lametayel and Tiyuli users, creating immediate privacy risks for affected individuals. Exfiltrated data types—particularly addresses and phone numbers—increased potential for phishing campaigns, identity theft, and physical security concerns. The hackers’ decision to leak a subset of records publicly while offering a larger dataset for sale indicated a dual intent to inflict reputational damage and monetize the stolen information. Neither the article nor the cited Jerusalem Post report specified whether the websites’ operators confirmed the breach’s scope or initiated containment measures such as password resets, system audits, or law enforcement engagement. Financial impacts, regulatory consequences, and user notifications remained undisclosed in the source material at the time of reporting.