Israel Post seals system vulnerabilities, says no sensitive data leaked

White hat warns government services often fall short on cybersecurity after Israel's top mail service patched data breach affecting many Israelis
Israel Post, Israel's leading mail delivery service, said it had patched a significant vulnerability in its parcel delivery system that allowed unauthorized access to sensitive information of customers ordering from online retail platforms like Ali Express and eBay.
Rotem Reiss, the director of product security at Playtika and a white-hat hacker, discovered the breach and worked with authorities to secure the system.
3 View gallery
אלימות טכנולוגית
אלימות טכנולוגית
(Photo: Shutterstock)
Initially, Israel Post attributed the problem to simple login credentials, leading to strengthened password requirements. Although the breach exposed some customer data, critical details like payment methods or Israeli ID numbers were not compromised, ensuring users' key information remained protected.
However, the nature of the breach means it's impossible to confirm this with absolute certainty, as hackers could leave no trace.
3 View gallery
דואר ישראל
דואר ישראל
Israel Post
(Photo: Tal Azulay)
Reiss, who discovered and helped fix the leak, has aided numerous organizations, including government entities and corporations like Microsoft and Yahoo in securing their systems. He noted that despite expectations, government services often fall short on security.
Despite Israel's reputation as a "high-tech nation," its market remains vulnerable to cyberattacks. Recent incidents, such as breaches at Shirbit Insurance, Hillel Yaffe Medical Center, the Atraf LGBT dating site and Signature-IT storage service, highlight the ongoing risk, with personal details of up to 3 million Israelis potentially exposed to adversaries.
3 View gallery
האקר
האקר
(Photo: Shutterstock)
Israel Post said in response that the issue stemmed from an "external application used by small businesses who work with us to deliver parcels to private customers" which "merely includes limited details about the parcels, such as item number and its location, the name of the intended recipient and phone number to send important messages about delivery."
<< Follow Ynetnews on Facebook | Twitter | Instagram | TikTok >>
Comments
The commenter agrees to the privacy policy of Ynet News and agrees not to submit comments that violate the terms of use, including incitement, libel and expressions that exceed the accepted norms of freedom of speech.
""