Privacy agency seizes servers of hacked travel agency


The Privacy Authority in Israel seized servers hosting several travel booking websites because their operator failed to address security issues that allowed data breaches affecting more than 300,000 people.

At least 10 websites operated by Gol Tours LTD in Israel have been shut down following a notification from the agency regarding the patching of security vulnerabilities that allowed hackers to steal personal information and credit card data belonging to customers.

Iranian group attribution

The Israel Privacy Authority on Thursday confirmed the cyberattack, believed to be the work of an Iranian threat actor, The Times of Israel reports.

According to the publication, the agency contacted Gol Tours immediately after the hack and asked it to fix the security flaws exploited by the hackers during the incident.

“In the event of an immediate failure to report a serious security breach and failure to cooperate in accordance with the guidelines, the authority will take decisive action to protect the personal information of the public, including the effective cessation of operations of the company” – Israel Privacy Authority

Ram Levi, CEO of Konfidas, a cybersecurity and crisis management company, said the hackers were an Iranian group called Sharp Boys.

Image: Cyberattack attributed to the Sharp Boys. Source: Ram Levi

The seizure by the Privacy Authority of the servers of a company that had been the victim of a cyberattack is a first in Israel. Levi notes that the websites have been taken down and the agency is reviewing the systems as part of its investigation.

The owner of Gol Tours said the hackers only stole names and phone numbers from the websites’ databases and that the agency’s accusations of refusing to improve security were misguided.

“I never said I wouldn’t upgrade [security] because it would cost me money, never,” said Gol Tours, adding that “the authority sent us a defective document and did not respond to our messages.”

Sharp Boys Data Leaks

On its website, the Sharp Boys gang describes itself as “an independent group of hackers”. They announced the hack on June 11, claiming they stole databases containing names, phone numbers, email addresses, credit card data, passport numbers and customers' trip history.

Image: The Sharp Boys claim the hacking of Israeli travel sites. Source: BleepingComputer

The above list published by the threat actor includes the same websites that have been flagged as being taken down by the Israel Privacy Authority.

In the days following news of the hack, the Sharp Boys leaked 300,000 customer data records.

The gang also shared a screenshot of a remote desktop connection showing they had access to over two dozen domains allegedly owned by Gol Tours.

BleepingComputer checked the registration information of several of them and found that they were operated by Gol Tours LTD and had a contact email address hosted at[.]hea site operational at the time of publication.
