Two days after the Iran-affiliated BlackShadow hacker group breached the Israeli LGBTQ dating app Atraf *among other platforms) and began leaking information on its users, the perpetrators warned on Sunday that they would dump the entire set of information unless their $1 million ransom request is not met within 48 hours.
Follow Israel Hayom on Facebook and Twitter
The group shared the personal information of a small number of Atraf users already on Friday, after Cyberserve – the Israeli server company that hosted the dating app – did not heed their demands
"No one from the Israeli government or Cyberserve contacted us about the issue," BlackShadow said in a Telegram message on Sunday.
It further said: "It is obvious this is not an important problem for them. We know everybody is concerned about the Atraf database. As you know, we are looking for money. So we made a decision: Atraf's database includes the personal information of about 1 million people, the content of their chats, event tickets … anything that was on the site. If we receive $1 million within the next 48 hours, we will neither leak nor sell this information to anybody. Anyone can pay the ransom."
BlackShadow's Telegram message (Screenshot)Yoram Hacohen, CEO of the Israel Internet Association said "under no circumstances" should Blackshadow's demands be met.
"There is no guarantee that the information will not be leaked after the ransom is paid," he said. "Worse yet, such surrender will lead to further attacks, due to what they will perceive as an achievement.
"Moreover, if private users receive ransom demands, they must immediately alert the police and not take any action beyond that. What has to be done now is to increase online safety and privacy regulations, and provide support – physical and mental – to the people whose information has been leaked."
Cyberserve confirmed the reports in a statement and said it was working with the Israel National Cyber Directorate to "put an end to the incident in the best way possible." It further added that it was "working closely with all relevant entities of the State of Israel" and promised to update those involved as soon as it has more information on how the attack was carried out.
The management of Atraf also confirmed the reports. "The company works to restore the service only after it is fully secured, including resetting the users' password," it said in a statement and encouraged users to change their passwords on other sites.
#Israel: 'Black Shadow' demanding $1 million within 48 hours, threatening to reveal the HIV status of users from an #LGBTQ dating site.
'This is a personal attack that affects over a million people from the LGBTQ community,' says Oren Elimelech, CyberTeam 360. pic.twitter.com/BhIS5QAc8e
— i24NEWS English (@i24NEWS_EN) October 31, 2021
Besides the dating app, the hackers of BlackShadow also breached dozens of other sites hosted by Cyberserve, including Kan public broadcaster, the Israel Lottery, Birthright, the Dan and Kavim public transportation companies, the Children's Museum in Holon, tour booking company Pegasus, and the Israeli Children's Museum.
Later on Sunday, BlackShadow's Telegram account, through which it leaked the initial information and demanded the ransom, was blocked. The move was most likely executed by heads of the instant messaging platform following requests by top officials involved in the affair.
Subscribe to Israel Hayom's daily newsletter and never miss our top stories!
