Elector app used by Netanyahu's Likud Party leaks personal data of six million Israeli voters

Prime Minister Netanyahu urged party workers last week to download the app and use it to connect with voters

An app used by Israeli Prime Minister Benjamin Netanyahu's Likud Party has leaked the personal details of more than six million voters in the country - every adult registered to vote.

The data breach was first noticed by Ran Bar-Zik, an Israeli-born front-end developer for Verizon Media. Bar-Zik said he was discovered the breach while reviewing the security of Elector, an app developed by Feed-b for Lukid Party.

The data leak was also confirmed later by various local media outlets including Haaretz, Ynet and Calcalist.

According to Bar-Zik, the unsecured Elector app leaked the names, addresses, identification numbers and some other details of the entire Israeli voter registry. Those details were reportedly uploaded to the app's database by Likud Party.

Political parties in Israel receive voters' details before the elections. Using those details, party workers contact the voters in the country and try to convince them to vote and support their party.

However, as per existing privacy rules in Israel, parties can't publish voter details or share them with third parties.

Once the election process is over, parties must permanently delete all the information "in a way that cannot be retrieved".

Prime Minister Netanyahu urged Likud party workers and supporters last week to download the app and use it to connect with more voters.

According to Haaretz, the security vulnerability in the Elector app allowed anyone to download the complete voter registry without requiring advanced skills or tools. A person just needed to right-click on the home page of the app and then select the "view source" option. The page then showed the source code, along with all usernames and passwords of system admins.

With admin credentials, a person could easily log in to the app and download the voter registry.

It is unclear how much data was leaked from app. Haaretz said it didn't go much deeper in the breach to avoid breaking the law.

Feed-b, which owns the app, described the leak as one-time incident and said that it had taken appropriate steps to address the vulnerability.