Travel company’s servers seized by Israel's privacy protection authority

The Privacy Protection Authority in Israel seized servers hosting multiple travel booking websites because their operator failed to address security issues that enabled data breaches affecting more than 300,000 individuals.

At least 10 websites managed by Gol Tours LTD in Israel have been shut down following a notification from the agency about fixing the security vulnerabilities that allowed hackers to steal personal information and credit card data belonging to customers.

Iranian group attribution

On Thursday, Israel’s Privacy Protection Authority confirmed the cyberattack, which is believed to be the work of an Iranian threat actor, The Times of Israel reports.

According to the publication, the agency contacted Gol Tours immediately after the hack and asked it to address the security flaws the hackers exploited in the incident.

“In any case of failing to immediately report a serious security breach and not cooperating according to the guidelines, the authority will take decisive action to protect the personal information of the public, including effectively halting the company’s operations” - Israel’s Privacy Protection Authority

Ram Levi, the CEO of Konfidas, a cyber and crisis management company, said that the hackers are an Iranian group called Sharp Boys.

Cyberattack attributed to Sharp Boys - source: Ram Levi

The Privacy Protection Authority seizing the servers of a company that had been the victim of a cyberattack is a first in Israel. Levi notes that the websites have been shut down and the agency is examining the systems as part of its investigation.

The owner of Gol Tours said that the hackers only stole names and phone numbers from the websites' databases and that the agency's accusations of refusing to improve security were wrong.

"I never said I wouldn’t upgrade [security] because it would cost me money, never," Gol Tours said, adding that "the authority had sent us a faulty document and didn’t respond to our messages."

Sharp Boys data leaks

On their website, the Sharp Boys gang describes itself as “an independent hacker group.” They announced the hack on June 11, saying that they had stolen databases containing names, phone numbers, email addresses, credit card data, passport numbers, and customers’ travel history.

Sharp Boys claiming hacks of Israeli travel sites - source: BleepingComputer

The list above, published by the threat actor, includes the same websites that have been reported to be shut down by Israel’s Privacy Protection Authority.

In the next few days after announcing the hack, Sharp Boys leaked 300,000 records of customer data.

The gang also shared a screenshot from a remote desktop connection showing that they had access to more than two dozen domains allegedly owned by Gol Tours.

BleepingComputer checked the registration information for several of them and found that they were operated by Gol Tours LTD and had a contact email address hosted at gol.co[.]il, a site that is up and running at the time of publishing.
