Netanyahu's party left Israel's entire voter registry exposed

An app flaw made it easy to access sensitive details for millions.

Political parties have left voter records exposed before, but seldom on this scale. Haaretz has learned that Likud, the party of Israeli Prime Minister Benjamin Netanyahu, uploaded Israel's entire voter registry to the Elector voting management app, which had glaring security issues that effectively left the data wide open for days. You could even access the info through a web browser without tools or expertise. The collection included personal details (such as addresses and ID numbers) for nearly 6.5 million Israelis, including Netanyahu and other top politicians.

Researchers had also found an Elector security hole in September 2019, and there were other flaws on top of that (such as one that allowed modifying Likud's vote count). However, Likud appears to have disregarded those concerns and simply uploaded the voter database.

The vulnerability was closed roughly a day after it came to light, and those involved have claimed they've "enhanced" security to prevent a repeat problem. Likud also tried to shift the blame by arguing that Elector was an "external" developer that served multiple parties. The country's Privacy Protection Authority said it was looking into the Elector incident.

Whoever was ultimately responsible, the exposure could have had dire consequences. The database could have been used for identity theft, spying and even voter intimidation. Israel is still grappling with indecisive results from its September election, and the last thing it would want is a major data breach skewing the outcome of the follow-up election this March.