Massive data breach in Israel leaks, again, the entire Israeli voters' data
So, as I disclosed today in The Marker, all 6.5 million Israeli voters' personal data is exposed. Again. But with more information than the previous Elector breach. Thanks to a data breach in the Shas party (a religious party in Israel) and their leaky system, anyone with a browser could access the system as an admin, gain full access and download, of course, the whole personal data of the voters in the voter registry: ID number, year of birth, full name, updated home address, father's name. Besides that, there was more data: telephone numbers (both cell and landline) and information about the families: parents, spouses, and children.
A DebugBar caused the breach. Debugbar, a debugger for PHP/Laravel, was installed on the production site. The debugger exposed debug items to anyone who accessed the default debug bar URL: https://app.shass.co.il/_debugbar/open.
Each debug item has an ID. Paste this ID in the default view session URL, and voilà! You have the complete session of the user who performed the action.
Paste that session in the cookie with the debugger tool, and that's it!
Even regular users had access to a lot of personal information, but the operation can be repeated until you get a session with a full admin.
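For anyone who has to work out whether outsiders reached the debugger, here is an added example (not from the original article or from the party's system) that scans web server access logs in Combined Log Format for answered requests under the `/_debugbar/` prefix. The log lines, IP addresses and the `trusted_ips` parameter are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
DEBUGBAR_PREFIX = "/_debugbar/"  # route prefix from the URL quoted in the article

def debugbar_hits(lines, trusted_ips=frozenset()):
    """Map client IP -> [(time, path, status)] for debugger requests the server
    actually answered (status < 400) to clients outside trusted_ips."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-HTTP line
        # Ignore the query string, case and doubled slashes when matching.
        path = re.sub(r"/{2,}", "/", m["path"].split("?", 1)[0].lower())
        if not path.startswith(DEBUGBAR_PREFIX):
            continue
        if int(m["status"]) >= 400 or m["ip"] in trusted_ips:
            continue
        hits[m["ip"]].append((m["time"], m["path"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2030:10:00:01 +0000] "GET /_debugbar/open HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2030:10:00:09 +0000] "GET //_debugbar/open HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [01/Jan/2030:10:02:00 +0000] "GET /_debugbar/open HTTP/1.1" 404 153 "-" "curl/8.0"',
    '10.0.0.5 - - [01/Jan/2030:10:03:00 +0000] "GET /_debugbar/open HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.33 - - [01/Jan/2030:10:04:00 +0000] "GET /login HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # 10.0.0.5 stands in for a developer workstation (assumption).
    for ip, reqs in debugbar_hits(SAMPLE_LOG, trusted_ips={"10.0.0.5"}).items():
        print(ip, len(reqs), "served debugger requests, first at", reqs[0][0])
```

Any hit from an untrusted address means the sessions live at that time should be treated as exposed and invalidated. The fix itself is to keep the debugger off production: install it as a dev dependency and leave `APP_DEBUG=false`.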
Parents and children are listed together
The admin can download the entire voter registry. Here is a small example of all the voters in Tel Aviv.
I received the information about this breach from an anonymous source that used the anonymous leakage mailbox in the Cybercyber podcast site. And since it is a relatively easy and well-known breach, I guess that other persons or organizations also hold that data. In the past, The Elector voters' data was exposed, and I am afraid that it will happen here as well.
The information exposed was not only the voters' data but other data as well - The entire campaign information of the party, with complete data about people's responses to the party questionnaire.
The Shas party is a powerful one and has a lot of representatives at the municipal and national levels. In the party system, voters requested help on various issues, from municipal to personal problems. Each request was documented (sometimes with a lot of personal information). Does it seem odd to you that political party representatives at the municipal and national levels help individual people who called their party? Some Western countries would call it election bribery, and in Israel, it is just the norm.
Hebrew: I want a discount on the local tax demand
I disclosed this breach to the Shas party, and they closed it and threatened me with a defamation lawsuit. Don't hold your breath waiting for the official Israeli response: in the last breach, the Israeli privacy authority didn't bother to fine Elector, the company that leaked the information. Yup, this is Israel.
Anyone who wants to use the pictures/screenshots can do so; they are free to use with attribution.
Founder & CEO @CONTAQT
2 years ago
GDPR - God Doesn’t Protect Data
Software Systems Engineer | Senior System Analyst | System Architecture & Design
2 years ago
GDPR: Great Data Piracy Revealed