There was no immediate indication that any of the information had been downloaded before the breach was repaired, the paper said. The app’s developer told Haaretz that the flaw was quickly fixed and that new security measures were implemented.
But a person close to Likud, who spoke on the condition of anonymity to discuss sensitive matters, said the party was braced for the possibility that information could have leaked, with worrying consequences. The comprehensive list of voters would have included personal details, including home addresses, for military leaders, security officials, government operatives and others of potential interest to Israel’s enemies.
“This is a rare treasure trove of information on no less than 6,453,254 Israeli citizens that any foreign government, intelligence organization or commercial company would like to own,” Ran Bar-Zik, the Israeli Web developer who received the tip about the app, wrote in a blog post on the website Internet Israel.
Likud, like all Israeli political parties, was given a copy of the national voting registration for campaign purposes, pledging not to pass information to a third party and to purge the data after the election. But an anonymous tipster pointed Haaretz to a vulnerability in the app used by Likud that allowed any user to access the entire registry. The tipster showed the paper personal details about Israeli VIPs to illustrate the kind of information available.
Netanyahu, who is fighting to keep his job in Israel’s unprecedented third election within a year, following deadlocked votes in April and September, personally beseeched Likud voters to download the app and add the names of additional potential supporters, according to the Jerusalem Post.
“Efforts to sabotage Likud voters in the election were thwarted and security of the site has been enhanced as a result,” the party said in a statement Monday. “It should be emphasized that this is an external software provider, providing services to many parties.”
Tech experts had warned in recent weeks that the Israeli election app was a privacy risk, in part because it invited users to add news names and personal information for likely voters, a possible violation of Israel’s privacy laws. Among those reporting on the risks was Haaretz’s sister paper, TheMarker, a Hebrew-language business publication.
The election security breach comes a week after a results tabulation app crashed the Iowa Democratic Party caucuses, delaying complete results for days and leading one candidate, Sen. Bernie Sanders (I-Vt.), to call for a “partial recanvass.”