Campaign managers worldwide should have their internet privileges revoked, period, but here’s the latest stunning fiasco: Netanyahu’s political party the Likud exposed the country’s entire voter registry by uploading it to an app, Haaretz has reported. An “anonymous tipper” claimed to have easily accessed personal data of 6,453,254 Israeli voters, including names, ID numbers, addresses, and in some cases, phone numbers.
The app, Elector, is designed for campaigns to keep up-to-date information, communicate with supporters, and track voting status; in other words, this is an app which probably should have had 2-step verification set up, which it reportedly did not. On its website, Elector says that the app was created by “senior professionals in cyber security and software systems development” and advertises the “strictest standards” of security.
The author of the Haaretz piece, programmer Ran Bar-Zik, later told the New York Times that this person initially sent him and his co-hosts of the podcast Cybercyber the vulnerability, along with data on Bar-Zik, his wife, and son. Bar-Zik then laid out the vulnerability on his blog. If the screenshots are real, this wasn’t even a hack; he right-clicked “view source” on the homepage, and Likud’s login info was in the site’s source code. Neither Bar-Zik nor Elector were immediately available for comment.
Read the report by Whitney Kimball in Gizmodo.