Personal Info of Tens of Thousands of Israelis Stolen by Turkish Hackers

[Darius Freamon <darius.freamon () gmail com>]

http://news.softpedia.com/news/Personal-Info-of-Tens-of-Thousands-of-Israelis-Stolen-by-Turkish-Hackers-148020.shtml

By *Lucian Constantin*, Security News
Editor<http://news.softpedia.com/editors/browse/lucian-constantin>

July 19th, 2010, 07:37 GMT

According to reports in local media the email addresses, passwords and
personal information of over 100,000 Israelis is being shared on Turkish
hacking forums. Apparently, they were lifted from compromised websites in
the aftermath of the Gaza flotilla raid earlier this year.

  The data breach was originally
reported<http://www.we-cms.info/blog/turkish-hackers/>(in Hebrew) last
Friday by an Israeli blogger named Erez Wolf, who
accidentally came across an Excel file containing the email addresses and
passwords of 32,561 Israeli Internet users, including government workers.
The data was apparently stolen by a group of Turkish hackers from the
website a of large commercial center in Israel sometime at the beginning of
June.

As far as Wolf could tell from the discussions on a hacking forum, the
motives behind the theft were political and related to the raiding by
Israeli Defense Forces (IDF) of an aid flotilla on its way to Gaza. The
incident, which took place on 31 May resulted in the death of nine activists
from the Turkish  Foundation for Human Rights and Freedoms and Humanitarian
Relief (IHH) and the injury of many others.

In the aftermath of the raid, Turkish hackers attacked many Israeli websites
and as it soon became apparent, the breach discovered by Wolf was not the
only one. Over the weekend another file containing emails and passwords for
70,000 more Israelis was found. These details appear to have been stolen
from Pizza Hut, which has since confirmed the attack on one of their
websites.

Even though Pizza Hut told
Haaretz<http://www.haaretz.com/news/diplomacy-defense/turkish-hackers-target-israeli-pizza-lovers-1.302650>,
an Israeli newspaper, that no financial details were breached, because they
are not hosted on their servers, this doesn't mean that affected users are
not exposed at identity theft. Because a lot of people reuse the same
password over multiple websites its more than likely that the access codes
stolen from Pizza Hut or the other commercial center can be used to access
other type accounts, possibly holding sensitive info.

In fact, Wolf reported that Turkish hackers managed to get into the Paypal
account of at least one of the users who had their password and email
address stolen. It seems there was an entire discussion on the hacking forum
about whether it's ok or not to misuse the credit card details found inside.
Many were against it, but others argued that the Quran states its fine to
steal money from infidels.

Wolf has contacted the compromised website and also his local law
enforcement. The stolen data is still being evaluated and the incidents will
be investigated.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php