Privacy agency seizes servers of hacked travel agency
The Privacy Authority in Israel seized servers hosting several travel booking websites because their operator failed to address security issues that allowed data breaches affecting more than 300,000 people.
At least 10 websites operated by Gol Tours LTD in Israel have been shut down following a notification from the agency regarding the patching of security vulnerabilities that allowed hackers to steal personal information and credit card data belonging to customers.
Iranian group attribution
The Israel Privacy Authority on Thursday confirmed the cyberattack, believed to be the work of an Iranian threat actor, The Times of Israel reports.
According to the publication, the agency contacted Gol Tours immediately after the hack and asked it to address the security loopholes exploited by the hackers during the incident.
Ram Levi, CEO of Konfidas, a cybersecurity and crisis management firm, said the hackers were an Iranian group called Sharp Boys.
The seizure by the Privacy Authority of the servers of a company that had been the victim of a cyberattack is a first in Israel. Levi notes that the websites have been taken down and the agency is reviewing the systems as part of its investigation.
The owner of Gol Tours said the hackers only stole names and phone numbers from the websites’ databases and that the agency’s accusations of refusing to improve security were misguided.
“I never said I wouldn’t upgrade [security] because it would cost me money, never,” said Gol Tours, adding that “the authority sent us a defective document and did not respond to our messages.”
Sharp Boys Data Leaks
On its website, the Sharp Boys gang describes itself as “an independent group of hackers”. The group announced the hack on June 11, claiming to have stolen databases containing names, phone numbers, email addresses, credit card data, passport numbers, phone history and customer trips.
The list published by the threat actor includes the same websites that have been flagged as being taken down by the Israel Privacy Authority.
In the days following news of the hack, the Sharp Boys leaked 300,000 customer data records.
The gang also shared a screenshot of a remote desktop connection showing they had access to over two dozen domains allegedly owned by Gol Tours.
BleepingComputer checked the registration information of several of them and found that they were operated by Gol Tours LTD and had a contact email address hosted at gol.co[.]he, a site operational at the time of publication.