A previously unknown hacker group on Saturday claimed to have stolen personal data of some 3 million users from a pair of Israeli hiking companies.
In a statement posted on social media, “Sharp Boys” said it possesses 500 gigabytes of data from hacking Lametayel, a chain of stores that sells outdoor equipment, and the Tiuli hiking website.
The group said the data included usernames, emails, phone numbers and passwords, and shared photos of spreadsheets that included some details of users.
It offered to sell the information for $300,000.
Lametayel said it took down its website and blocked access to it after detecting “suspicious activity” in the afternoon.
“The issue is being examined,” the company was quoted as saying by the Kan public broadcaster.
There was no comment from Tiuli.
Both websites remained inaccessible as of early Sunday.
⚫️⚫️ 500 GB Database for sale
about 3 Million user,email,password,phone,…
— SharpBoys (@Sharp_Boyz) December 18, 2021
“It appears that this is again a psychological war against Israel,” cybersecurity expert May Brooks-Kempler told the Walla news site.
She also said that while Sharp Boys is unknown, its methods were reminiscent of Black Shadow, a group of reported Iran-linked hackers who use cyberattacks for criminal ends.
Last month, Black Shadow leaked what is said were full databases of personal information from Israel’s Machon Mor medical institute and the Atraf website, an LGBTQ dating service and nightlife index.
The group had initially hacked the CyberServe Israeli internet hosting company, taking down its servers and a number of sites, among them Atraf. Israel’s National Cyber Directorate said at the time that it had previously warned CyberServe that it was vulnerable to attack.
The latest Black Shadow attack followed an unprecedented, unclaimed cyberattack that wrought havoc on Iran’s gas distribution system, which Iranian officials blamed on Israel and the United States.
Iran and Israel have been engaged in a so-called “shadow war,” including several reported attacks on Israeli and Iranian ships that the two have blamed on each other, as well as cyberattacks.
In 2010, the Stuxnet virus — believed to have been engineered by Israel and its ally the US — infected Iran’s nuclear program, causing a series of breakdowns in centrifuges used to enrich uranium.