Iranian hackers leak info of over 300,000 Israelis from tourism sites

Iranian hacker group Sharp Boys obtained personal data from over 20 Israeli tourism sites.

Iranian flag and cyber code [Illustrative] (photo credit: PIXABAY)
Iranian flag and cyber code [Illustrative]
(photo credit: PIXABAY)

The personal information of over 300,000 Israelis was leaked last month by an Iranian hacker group targeting Israeli travel booking sites.

The group, named Sharp Boys, claimed last month that it had obtained data from Israeli tourism sites, including ID numbers, addresses, credit card information and more.

Over 20 sites of travel agencies, hotels and resorts were hacked, including hotel4u.co.il, hotels.co.il, isrotel.com, minihotel.co.il, trivago.co.il and danhotels.com.

According to reports, the information leaked included personal requests by Israeli customers to cancel planned vacations due to various health issues.

"Wherever you go, even on your trips, you are under our control. Remember our name," said Sharp Boys in a photo posted on their Telegram channel.

Travelers arrive at Ben-Gurion Airport when Israel again permitted tourists to enter the country on November 1. (credit: TOMER NEUBERG/FLASH90)Travelers arrive at Ben-Gurion Airport when Israel again permitted tourists to enter the country on November 1. (credit: TOMER NEUBERG/FLASH90)

Privacy Protection Authority demands cyber upgrade

In response to the hack, Israel's Privacy Protection Authority claimed it contacted the website operator to bring attention to defects in information security, N12 reported. The operator is the owner of Gol Tours, which operates most of the Israeli websites hacked. 

Furthermore, the authority said its demand for the operator to upgrade his cyber security was met with refusal. According to the Privacy Protection Authority, his refusal was due to the high costs of doing so.

In response to the accusations made against him, the Gol Tours owner claimed he never refused to upgrade his cyber security. He also added that the hackers "only took names and phone numbers" from his website, claiming that his company does not keep credit card records.

"We know how to deal with [hackers], but Israeli authorities harmed us more than the Iranians," the Gol Tours owner said.

"We know how to deal with [hackers], but Israeli authorities harmed us more than the Iranians,"

The owner of Gol Tours, which operates many hacked tourism sites

After receiving a court order, inspectors from the Privacy Protection Authority reportedly seized the operator's servers, thereby shutting down all of his company's operations.

Sharp Boys' claims

Sharp Boys originally claimed that it had obtained control of the backend administration of the websites and released a spreadsheet it claimed contained the personal information of 120,000 people.

Earlier last month, the group claimed that it had hacked a series of other Israeli tourism sites and obtained the personal information of users from those sites as well.

Sharp Boys later published a spreadsheet it claimed contained the credit card information and personal information of 100,000 people.

Continued cyberattacks from Iran

The Sharp Boys hacker group first appeared in December, when it announced that it had hacked two Israeli hiking websites, leaking the information of 100,000 users and offering the information of around three million people for sale.

In all of their attacks, the Sharp Boys have not made or referenced any demands for ransom. It is unclear if the attacks are nationalistically motivated.

Tzvi Joffre contributed to this report.