An Israeli LGBT-focused dating service was one of the many sites targeted by a hack on an Internet hosting company that worried users of a potential data leak that could reveal those who were still in the closet.
“Atraf”, a geo-located dating service as well as a nightlife index, is a popular app and website in the Israeli LGBT community, especially in the Tel Aviv area.
Hackers apparently linked to Iran said on Friday that they had hacked into the servers of the Israeli internet hosting company Cyberserve and brought down a number of widespread websites.
The Black Shadow group, which Hebrew-language media report was Iranian, warned the Israeli company that it was in possession of data that could be leaked. The group has not confirmed that it is backed by Tehran.
“Hello again! We have news for you,” the hackers wrote in a message circulating on social media Friday night. “You probably could not connect to many websites today. ‘Cyberserve’ company and their customers [were] hit by us. You may ask, what about data? As always, we have plenty of it. If you do not want your data leaked by us, please contact us soon. “
It was not clear what data the hacker group would leak, but with the sensitive personal information about Atraf, users who had not come out were worried that their names could be released, according to Hebrew-language media reports.
“I’m just shaking with fear,” an unnamed user of the app told the news site Ynet. “I’m a gay man in the closet, use the app a lot and have personal photos there … I do not know what to do or who to turn to.”
The Aguda Association for LGBT Equality in Israel on Saturday called on the National Cyber Directorate to “act swiftly to prevent data leaks”, adding that such release of such personal information is “a danger to [the users’] mental health. “
The directorate said on Saturday that it had warned Cyberserve several times in the past year that the internet hosting company was vulnerable to such attacks. The National Cyber Directorate also advised Israelis whose personal data was covered to change their passwords, enable two-factor authentication, and remain vigilant against suspicious emails and messages.
Black Shadow stole a large amount of information from the Israeli insurance company Shirbit last year and then sold it on the dark web when the company refused to pay a ransom.
Cyberserve’s customers include Dan and Kavim public transport companies, the Children’s Museum in Holon, Pegasus travel company and Kan public broadcasters blog page.
A number of Cyberserve’s customer websites were not available Saturday afternoon.
Last year, Black Shadow attacked insurance company Shirbit and initiated ransom negotiations, but the company said it would not pay, leading to the dark web sales of information stolen from the company.
Many of Shirbit’s clients are from the public sector, and photos of private documents released included vehicle registration and credit card information for an employee of the president’s residence, as well as personal correspondence and a marriage certificate, as well as the president’s personal information of Tel Aviv District Court.
Anonymous Israeli officials told Channel 12 News at the time of the attack that they believed a state was behind the Black Shadow attack. However, they did not name the country.
Israel and Iran have been involved in a years-long shadow war, in which Israel has reportedly directed most of its efforts – including several suspected cyber attacks – to sabotage the Islamic Republic’s nuclear program.
This week, an unprecedented cyber attack destroyed Iran’s subsidized fuel distribution system.
Abolhassan Firoozabadi, a top official of Iran’s top council for cyberspace, told state television station IRIB that the attack had apparently been carried out by a foreign country, even though it was too early to name suspects. He also linked the attack with another targeting Iran’s rail system in July.
The next day, an Iranian official tweeted in Hebrew that the “enemy’s goal” of provoking unrest through gas shortages had been thwarted.
Numerous suspected Iranian cyber attacks on Israel have been reported in recent years, including one that targeted its water infrastructure by 2020.
Microsoft said this month that Iran had quadrupled its hacks on Israel in the past year.
“Microsoft discovered an increased focus from a growing number of Iranian groups targeting Israeli devices … and with that focus came a series of ransomware attacks,” the company’s annual Digital Defense Report states.
Google has also warned of an increase in state-sponsored hackers with a report focusing on the “notable campaigns” of a group affiliated with Iran’s Revolutionary Guards.