Cyber Incident Victim: Tiyuli

On December 18, 2021, the hacker group Sharp Boys publicly claimed responsibility for compromising two Israeli hiking and tourism websites, Tiyuli and Lametayel. The group announced the breach on a Saturday, disclosing that they had extracted and leaked sensitive personal information belonging to 100,000 users. Additionally, Sharp Boys offered to sell datasets purportedly containing information on approximately three million individuals, though the authenticity and origin of this larger dataset were not independently verified in the available reporting. The attack involved unauthorized access to the websites' systems, though specific technical details regarding the intrusion methods, such as exploited vulnerabilities or attack vectors, were not disclosed in the source material. The breach announcement included samples of the stolen data to substantiate their claims, demonstrating access to sensitive user records stored by the platforms.

The leaked data from Tiyuli and Lametayel included email addresses, physical addresses, personal photographs, and phone numbers of affected users. This exposure created immediate risks of identity theft, phishing campaigns, and targeted harassment for individuals whose information was disseminated. The scale of the breach—impacting at least 100,000 confirmed users—raised concerns about the security practices of recreational platforms handling sensitive personal data. No statements from Tiyuli, Lametayel, or law enforcement agencies regarding incident response, containment measures, or forensic investigations were documented in the cited report at the time of disclosure. The absence of verified mitigation actions or victim notifications in the available timeline left the full operational and reputational consequences of the incident unaddressed in public reporting. Sharp Boys’ decision to monetize a larger dataset suggested broader potential impacts, though the validity of these additional records remained unconfirmed.