Millions Of Israeli Voters' Data Leaked By Election Management App
Elections are one of the oldest sociopolitical activities of humanity and, given its rather sensitive nature, has been slow to change over the centuries. Attempts to modernize elections and the systems around them have always been met with suspicion and scrutiny due to fears of data and security breaches. In Israel, those fears materialized in what may be the worst case the country has faced, and it isn't even due to the election system itself and only a third-party app for managing voters.
Political parties in Israel have flocked to mobile apps in attempts to ease the burden of messaging supporters and getting them to their correct voting stations. The ruling Likud party urged its supporters to do exactly that with an election management app named Elector. Now over 6 million voters in Israel, including supports of rival parties, have had their personal information potentially stolen in a massive breach.
The app in question was developed and operated by a company named Feed-b who acknowledged a "one-off incident that was immediately dealt with". It might have been too late, however, as unrestricted access to data of 6,453,254 citizens in Israel may have been available for an undisclosed period of time. Those pieces of information included full names, identity card numbers, addresses, genders, phone numbers, and other pieces of personal data the voter may have unwittingly provided.
Israeli newspapers Haaretz reports that this isn't the first time the Likud has been involved in security breaches but this may be one of the most massive. The party encouraged voters to also add information of acquaintances who might vote for the party, expanding the database's reach.
Various parties, advocates, and experts have pointed out the security risks of the system in the past, not to mention the privacy violations with the creation of the database. The Elector app has also been used in other countries like the US, China, and Russia but it hasn't been disclosed if any of those databases were also left unsecured.