A hacking group calling itself Black Shadow threatened Sunday to reveal personal details of users of Israeli’s leading LGBTQ dating site, in an attack some cyber experts linked to Iran.
“If we have 1 Millions $ in our wallet in the next 48 hours, we will not leak this information and also we will not sell it to anybody,” Black Shadow wrote on Telegram.
The Atraf dating site was compromised after the group hacked CyberServe, an Israeli internet service provider whose clients include public transportation firms, museums and a travel company.
On Saturday, the group dumped tens of thousands of records online from the various sites it had penetrated, including 1,000 user profiles from Atraf.
The leaked records included users’ HIV status, sexual orientation and unencrypted passwords.
Ran Shalhavi, CEO of The Aguda — The Association for LGBTQ Equality in Israel, told AFP his organisation had extended its emergency hotline hours to deal with a flood of worried callers.
“They are exposed, and if they are in the closet, they are exposed to situations they never knew before,” he said, adding that the association was working with different groups to “reduce damage”.
Libi Oz, a spokeswoman for the government-funded Israel National Cyber Directorate, said her office warned CyberServe “several times” it was vulnerable to attack.
AFP was unable to reach Atraf for comment.
CyberServe did not return AFP’s calls, but said in a statement Saturday that it had been dealing with “an Iranian cyber terror event”.
– ‘Not about ransom’ –
“From the moment we got warning on the issue from the National Cyber Directorate, even before the incident, we cooperated fully and fulfilled all the directorate’s guidelines,” it said.
Cyber intelligence researcher Ohad Zaidenberg said the breach appeared to be linked to a hack of Israeli insurance firm Shirbit last year, also claimed by Black Shadow, as well as an attack in March on Israeli insurance company KLS Capital Ltd.
“Now they are doing something relatively similar,” Zaidenberg said.
“We know that attack on Shirbit was Iranian, and therefore we can say, if it’s the same attacker and that attack was Iranian, this attack is Iranian.”
Keren Elazari, a cybersecurity expert and researcher at Tel Aviv University, agreed that the attack appeared to be Iranian.
“A big part of the hacks we’ve seen is not about ransom,” she said. “It’s about embarrassing Israeli companies, embarrassing Israeli citizens.”
She said the pandemic had opened new vulnerabilities for Israeli firms, as working from home offered less cybersecurity and has “multiplied the opportunity for attacks”.
Iran and Israel have been engaged in a so-called “shadow war”, including several reported attacks on Israeli and Iranian ships that the two have blamed on each other, as well as cyberattacks.
The Israeli breach comes after an unprecedented, unclaimed cyberattack wrought havoc on Iran’s petrol distribution system this week.
An Iranian general has said Israel and the United States were likely to have been behind that attack.
Related: Norway to Fine Dating App Grindr $11.7M Over Privacy Breach
