Info of over 300,000 Israelis leaked as Iranian hackers target travel booking sites

Israel’s Privacy Protection Authority seizes servers of Gol Tours LTD, which operates the affected websites, after claiming owner failed to cooperate and address security breach

Tobias (Toby) Siegal is a breaking news editor and contributor to The Times of Israel.

Illustrative: A cybersecurity expert stands in front of a map of Iran as he speaks to journalists about the techniques of Iranian hacking, on September 20, 2017, in Dubai, United Arab Emirates. (AP/Kamran Jebreili)
Illustrative: A cybersecurity expert stands in front of a map of Iran as he speaks to journalists about the techniques of Iranian hacking, on September 20, 2017, in Dubai, United Arab Emirates. (AP/Kamran Jebreili)

Iranian hackers have recently hacked into a number of popular Israeli travel booking websites, managing to obtain the personal information of over 300,000 Israelis.

The incident occurred two weeks ago and was confirmed by Israel’s Privacy Protection Authority on Thursday evening.

The attack affected websites operated by Gol Tours LTD, a tourist company that owns over 20 travel booking websites.

The leaked information includes telephone numbers, addresses, dates and locations of booked vacations, and sensitive medical information, the authority said in a statement.

The affected websites reportedly include: hotel4u.co.il, booking-hotels.co.il, booking-kibbutz.co.il, mlonot.co.il, noapass.co.il, gol.co.il, funtoursisrael.co.il, ortal.net, come2israel.co.il, and come2israel.com.

The Privacy Protection Authority said it had immediately contacted the owner of Gol Tours LTD following the hack, in an effort to address the security flaws that the hackers took advantage of, but was met with a refusal to cooperate.

“The required changes were not made,” the authority said, noting that it has launched an investigation into the incident.

A screenshot of the homepage of the Israeli travel booking website hotel4u.co.il, one of the websites hacked by Iranian hackers in June 2022. (Screenshot)

The authority has also claimed, according to a report by Channel 12 news, that the owner of Gol Tours LTD refused to address the security breaches because it would have cost him money to do so.

The report added that the owner also ignored instructions provided by Israel’s National Cyber Directorate following the hack, meant to help the company bolster its security and avoid additional information being leaked to the hackers.

In an unprecedented move in Israel, authority officials raided on Thursday the company’s offices and seized its servers until the investigation is complete.

“In any case of failing to immediately report a serious security breach and not cooperating according to the guidelines, the authority will take decisive action to protect the personal information of the public, including effectively halting the company’s operations,” the Privacy Protection Authority said in a statement.

The authority said it was hopeful the unusual measure taken in this case would serve as a warning to other website owners who may consider not reporting security breaches in the future.

Responding to the allegations, the owner of Gol Tours LTD rejected the claims and said the authority has treated him worse than the Iranian hackers ever did.

“I never said I wouldn’t upgrade [the company’s online security measures] because it would cost me money, never,” he told Channel 12.

“The Iranians only took names and phone numbers from our site. We don’t hold credit card numbers in our system. The authority had sent us a faulty document and didn’t respond to our messages,” he argued.

“We have one of the best security companies in the country,” he continued, “Those who hacked our websites are the same ones who hacked the hospitals. We know how to deal with them, but we never imagined that we would be hurt by Israel more than by the Iranians.”

The incident comes weeks after Israeli communications firms were instructed to bolster cybersecurity, as the government rolled out a new initiative to guard the country against online attacks amid an uptick in hacks targeting Israeli websites.

Under the reform, Israel’s major communications companies are required to implement detailed plans for identifying and preventing future cyberattacks targeting communication networks. The companies now need to adhere to unified standards.

Numerous suspected Iranian cyberattacks on Israel were reported in recent years.

In April, a group of pro-Iranian hackers claimed responsibility for a DDoS cyberattack that temporarily took down the Israel Airports Authority’s website.

Last year, a ransomware cyberattack targeted the Hillel Yaffe Medical Center in Hadera, completely shutting down its computer system. A few days later, the National Cyber Directorate said it had thwarted a wave of attempted cyberattacks targeting additional Israeli hospitals and health centers.

In 2020, various Israeli websites that Iranian hackers targeted as part of Iran’s Quds Day, displayed a video simulating Israeli cities being bombed and messages threatening the destruction of the Jewish state.

According to data released by Cybersecurity firm VirusTotal in October last year, Israel was the country most affected by ransomware between January 2020 and October 2021.

Most Popular
read more: