Cyber Incident Victim: Elector Software Ltd
Date:
Mar 2021
Location:
Israel
Summary
Hackers leaked personal details of millions of Israeli voters, including full names, addresses, phone numbers, ID card numbers, and political preferences, by breaching an election app developed by Elector Software Ltd. for the Likud party. The attackers, identifying as "The Israeli Autumn," initially encrypted the stolen data and attempted extortion by demanding the app's shutdown, threatening to release decryption keys and personal information of the company's CEO and family; they later disseminated the passwords publicly after their demands were unmet. This incident followed a prior security failure where a misconfigured API in the same app exposed administrative credentials and a database containing up-to-date voter registration records, enabling unauthorized access to sensitive citizen data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In February 2021, a misconfiguration in the Elector app—developed by Elector Software Ltd. for Israel’s Likud party—exposed personal data of over 6.5 million eligible voters. Verizon Media developer Ran Bar-Zik discovered the breach during a security audit, identifying an unauthenticated API endpoint that leaked administrator credentials in cleartext, including passwords. Using these credentials, Bar-Zik accessed a backend database containing up-to-date voter registration records, including full names, ID numbers, addresses, phone numbers, and ballot assignments. The vulnerability allowed unauthorized queries to retrieve sensitive voter data without authentication. Israeli media confirmed the leak, with Calcalist criticizing Likud for exposing citizens to one of Israel’s most severe security breaches in recent years. The database represented an official copy of Israel’s voter registry, distributed to parties before elections. While unclear if malicious actors accessed the data before its discovery, Elector’s official website was taken down following the disclosure.
Days before Israel’s March 2021 elections, hackers identifying as “The Israeli Autumn” escalated the crisis by leaking voter details and threatening Elector Software Ltd. After unsuccessfully demanding the app’s shutdown through extortion—including threats to release CEO Tzur Yemin’s family data—the attackers distributed encrypted files containing voter information. They promised decryption passwords unless Elector ceased operations, warning, “You don’t have long left until information about your family is exposed too.” When authorities and Elector ignored the ultimatum, the group released passwords via anonymous platforms, enabling unrestricted access to files with 6,528,565 voters’ names, ballot numbers, and over 3 million citizens’ ID numbers, addresses, genders, ages, and political preferences. The hackers cited authorities’ failure to address Elector’s negligence as justification. Elector CEO Yemin reported the extortion to police, dismissing it as baseless despite the confirmed data exposure. The leaked information included both historical breach data and updated voting station assignments, compounding risks of identity theft and electoral manipulation. Media linked the incident to Elector’s unresolved security flaws, highlighting systemic vulnerabilities in political party data management.