A group of Saudi hackers calling themselves Group XP claimed credit for exposing thousands of Israelis’ credit card numbers and other information on Monday.
“We decided to give the world a new year gift, about 400,000+ Israeli people information!!!," declared the group, believed to be connected to the global hacking group Anonymous, whose affiliates have been arrested around the world for denial-of-service attacks on private and government web sites.
The information, collected by tracking purchases by Israelis, was posted on a page that redirected from a popular Israeli sports site, ONE, but quickly removed.
The attack targeted users of cards issued by IsraCard, Cal-Israel and Leumi Card. Those companies insisted the number of hacked accounts was far less than the Group Xp boast, about 15,000, and that users would not be held responsible for any fraudulent charges
The Israelis names, emails and credit card numbers, including the three-digit security codes were exposed.
The attack is an embarrassment to a country that prides itself on its fast growing high-tech industry.
"There's no question that website security in Israel has to improve," Dov Kotler, CEO of one of the affected credit card companies, Isracard, told Yediot Acharanot. "The newer websites pose less of a problem, because their security protocols are higher – it's the older websites that have outdated security."
Various reports quoted the hackers as saying in a statement “it will be so fun to see 400,000 Israelis stand in line outside banks and offices of credit card companies to complain that their cards had been stolen. To see banks shred 400,000 cards and reissue them. To see that Israeli cards are not accepted around the world, like the Nigerian cards.”
Chester Wisniewski, a senior advisor at Sophos, a global cybersecurity firm based in Canada, said both supporters and enemies of Israel have for years been waging denial-of-service attacks, which overwhelm a web site’s servers, in support of their causes. “It’s just a new twist on an old war,” he said.