Personal Info of Tens of Thousands of Israelis Stolen by Turkish Hackers

According to reports in local media the email addresses, passwords and personal information of over 100,000 Israelis is being shared on Turkish hacking forums. Apparently, they were lifted from compromised websites in the aftermath of the Gaza flotilla raid earlier this year.

The data breach was originally reported (in Hebrew) last Friday by an Israeli blogger named Erez Wolf, who accidentally came across an Excel file containing the email addresses and passwords of 32,561 Israeli Internet users, including government workers. The data was apparently stolen by a group of Turkish hackers from the website a of large commercial center in Israel sometime at the beginning of June.

As far as Wolf could tell from the discussions on a hacking forum, the motives behind the theft were political and related to the raiding by Israeli Defense Forces (IDF) of an aid flotilla on its way to Gaza. The incident, which took place on 31 May resulted in the death of nine activists from the Turkish  Foundation for Human Rights and Freedoms and Humanitarian Relief (IHH) and the injury of many others.

In the aftermath of the raid, Turkish hackers attacked many Israeli websites and as it soon became apparent, the breach discovered by Wolf was not the only one. Over the weekend another file containing emails and passwords for 70,000 more Israelis was found. These details appear to have been stolen from Pizza Hut, which has since confirmed the attack on one of their websites.

Even though Pizza Hut told Haaretz, an Israeli newspaper, that no financial details were breached, because they are not hosted on their servers, this doesn't mean that affected users are not exposed at identity theft. Because a lot of people reuse the same password over multiple websites it's more than likely that the access codes stolen from Pizza Hut or the other commercial center can be used to access other type accounts, possibly holding sensitive info.

In fact, Wolf reported that Turkish hackers managed to get into the Paypal account of at least one of the users who had their password and email address stolen. It seems there was an entire discussion on the hacking forum about whether it's ok or not to misuse the credit card details found inside. Many were against it, but others argued that the Quran states its fine to steal money from infidels.

Wolf has contacted the compromised website and also his local law enforcement. The stolen data is still being evaluated and the incidents will be investigated.

You can follow the editor on Twitter @lconstantin