An Israeli LGBT-focused dating service was one of the many websites targeted by a hack on an internet hosting company, leaving users worried about a potential data leak that could expose those still in the closet.
“Atraf,” a geo-located dating service as well as a nightlife index, is a popular app and website in the Israeli LGBT community, especially in the Tel Aviv area.
Hackers, apparently linked to Iran, said Friday they had broken into the servers of Israeli internet hosting company Cyberserve, bringing down a number of widely used websites.
The Black Shadow group, which Hebrew-language media reports said was Iranian, warned the Israeli company that it was in possession of data that could be leaked. The group has not confirmed that it is backed by Tehran.
“Hello Again! We have news for you,” the hackers wrote in a message circulated on social media Friday evening. “You probably could not connect to many websites today. ‘Cyberserve’ company and their customers [were] hit by us. You may ask what about Data? As always, we have lots of it. If you don’t want your Data leaked by us, contact us soon.”
It was not clear which data the hacker group would leak, but with the sensitive personal information on Atraf, users who have not come out were worried their names could be released, according to Hebrew-language media reports.
“I’m just shaking with fear,” an unnamed user of the app told the Ynet news site. “I’m a gay man in the closet, use the app quite a bit and have personal photos there… I don’t know what to do or who to turn to.”
The Aguda Association for LGBT Equality in Israel called Saturday for the National Cyber Directorate to “urgently act to prevent data leaks,” adding that the release of such personal information is “a danger to [the users’] mental health.”
The directorate said on Saturday that it had warned Cyberserve multiple times in the past year that the internet hosting company was vulnerable to such attacks. The National Cyber Directorate also advised Israelis whose personal data was compromised to change their passwords, enable two-factor authentication, and remain vigilant for suspicious emails and messages.
Black Shadow stole a vast trove of information from Israeli insurance company Shirbit last year and then sold it on the dark web when the firm refused to pay a ransom.
Cyberserve’s customers include the Dan and Kavim public transportation companies, the Children’s Museum in Holon, the Pegasus travel company and the blogsite of the Kan public broadcaster.
The websites of a number of Cyberserve’s customers were unavailable on Saturday afternoon.
Last year, Black Shadow attacked the Shirbit insurance firm and opened ransom negotiations, but the company said it wouldn’t pay, leading to the dark web sale of information stolen from the firm.
Many of Shirbit’s clients are from the public sector, and images of private documents released included the vehicle registration and credit card details of an employee at the President’s Residence, personal correspondence and a marriage certificate, and the personal details of the president of the Tel Aviv District Court.
Unnamed Israeli officials told Channel 12 news at the time of the attack that they believed a state was behind the Black Shadow attack. However, they did not name the country.
Israel and Iran have been engaged in a years-long shadow war, with Israel allegedly directing most of its efforts — including multiple suspected cyberattacks — at sabotaging the Islamic Republic’s nuclear program.
This week, an unprecedented cyberattack took down Iran’s subsidized fuel distribution system.
Abolhassan Firoozabadi, a top official in Iran’s Supreme Council of Cyberspace, told state broadcaster IRIB that the attack had apparently been carried out by a foreign country, though it was too early to name suspects. He also linked the attack to another one that targeted Iran’s rail system in July.
The next day, an Iranian official tweeted in Hebrew that the “enemy’s goal” of fomenting unrest through gas shortages had been thwarted.
Numerous suspected Iranian cyberattacks on Israel have been reported in recent years, including one that targeted its water infrastructure in 2020.
Microsoft said this month that Iran had increased its hacks on Israel fourfold in the past year.
“Microsoft detected an increased focus from a growing number of Iranian groups targeting Israeli entities… and with that focus came a string of ransomware attacks,” the company’s annual Digital Defense Report said.
Google has also warned of a surge in state-backed hackers, with a report focusing on the “notable campaigns” of a group linked to Iran’s Revolutionary Guard Corps.