Hackers offer personal information of 500,000 Israeli students for sale

Weeks after breach of college chain Atid servers, hacker group Sharp Boys puts stolen information up for sale and releases additional data of students; Atid: ‘These are Iranian hackers, and most of the materials are outdated’

Raphael Kahan, Tamar Trabelsi Hadad|
Hackers leaked on Saturday a series of files containing thousands of samples of personal information that was purportedly stolen from the servers of a prominent college chain several weeks ago.
<< Follow Ynetnews on Facebook and Twitter >>
More Stories:
According to the hacker group Sharp Boys, they possess identification documents with headshots, academic certificates and credentials, addresses and personal information, military documents, and other personal documents that students have submitted to the Atid college chain over the years. The hackers added that the database contains data of approximately 500,000 students.
3 View gallery
האקר איראני
האקר איראני
(Illustration: Shutterstock)
The hackers boasted about taking down the college's entire website, except for the main domain, so interested parties could verify the credibility of the data they offer for sale. Additionally, they uploaded the code of the college's website to the internet, presumably to prove their claims and credibility.
This is not the first time Sharp Boys have targeted Israeli firms. According to information provided by Persist Security, they have been involved in numerous attacks on Israeli websites.
The group began its attacks on Israeli websites in 2021. In that same year, they breached the website of outdoor gear store chain Lametayel and the Tiyuli travel website. The group claimed to possess a 500-gigabyte database containing data of approximately three million users, including emails, passwords, phone numbers, and more. They published some of the data.
About two weeks later, the hackers announced a breach of bus.co.il and its CRM data. According to the group, they hold over four million records, including names, dates of birth, addresses, phone numbers, and various files. They published some of the data. Following the breach, experts raised the question of whether it was a genuine breach or a leak from a previously compromised database.
3 View gallery
קבוצת ההאקרים Sharp Boys
קבוצת ההאקרים Sharp Boys
Sharp Boys
(Photo: Screenshot, Telegram)
In the summer of 2022, the group claimed to have breached a long list of websites, most of which were small, and stole credit card data and details from them. In July of that year, the group published a list of an additional 48 websites that they claimed to have breached. Unlike their usual practice, the hackers did not upload any data online this time.
Last month, almost a year after the previous incident, the group announced a breach of college networks. Among the files recently published by the Sharp Boys: approximately 900 scanned copies of identification documents and certificates, and an Excel file with over 200,000 records, including full names, emails, residential addresses, and other data. Additionally, the hackers published a file containing 68 different documents related to the IDF (engineering certificates, grades, and more).
In response to a Ynet request for comment, the Atid Group stated: "As reported two months ago, the Atid Group dealt with a malicious cyberattack orchestrated by Iranian hackers who sought to continue and carry out strategic strikes against leading academic and educational institutions in Israel.
The isolated attack was thwarted, but there are old materials, most of which have leaked. The National Cyber Directorate closely monitors and accompanies the management of the event, and its personnel are working to combat the repeated attempts by the Iranians to re-release the same materials."
3 View gallery
האקר על רקע דגלי רוסיה ואיראן
האקר על רקע דגלי רוסיה ואיראן
(Illustration: ImageFlow, NINA IMAGES / shutterstock.om)
Despite the accusations leveled against Iran, Persist is not confident that the hackers originate from the Islamic Republic. In fact, one of the senior researchers in the company firmly asserts that the group is not Iranian.
However, it is challenging to attribute a specific source to this group or any other. For instance, in the past month, the Anonymous Sudan group targeted numerous Israeli websites. Until the conclusion of Operation Shield and Arrow, this group was initially identified as either a Russian group or one with affiliations to Russia, despite their claims of advocating for the Palestinians. Their activities indicated a desire to "punish" Israel for its support of Ukraine during the conflict with Russia.
The commenter agrees to the privacy policy of Ynet News and agrees not to submit comments that violate the terms of use, including incitement, libel and expressions that exceed the accepted norms of freedom of speech.