Sponsored Links

Netanyahu's party left Israel's entire voter registry exposed

An app flaw made it easy to access sensitive details for millions.
AP Photo/Sebastian Scheiner
AP Photo/Sebastian Scheiner
Jon Fingas
Jon Fingas|@jonfingas|February 9, 2020 6:02 PM

Political parties have left voter records exposed before, but seldom on this scale. Haaretz has learned that Likud, the party of Israeli Prime Minister Benjamin Netanyahu, uploaded Israel's entire voter registry to the Elector voting management app, which had glaring security issues that effectively left the data wide open for days. You could even access the info through a web browser without tools or expertise. The collection included personal details (such as addresses and ID numbers) for nearly 6.5 million Israelis, including Netanyahu and other top politicians.

Researchers had also found an Elector security hole in September 2019, and there were other flaws on top of that (such as one that allowed modifying Likud's vote count). However, Likud appears to have disregarded those concerns and simply uploaded the voter database.

The vulnerability was closed roughly a day after it came to light, and those involved have claimed they've "enhanced" security to prevent a repeat problem. Likud also tried to shift the blame by arguing that Elector was an "external" developer that served multiple parties. The country's Privacy Protection Authority said it was looking into the Elector incident.

Whoever was ultimately responsible, the exposure could have had dire consequences. The database could have been used for identity theft, spying and even voter intimidation. Israel is still grappling with indecisive results from its September election, and the last thing it would want is a major data breach skewing the outcome of the follow-up election this March.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.