Israel's LGBTQ community has been hit with a one-two punch — Atraf, an Israeli gay dating app, was hacked and information on users was leaked, meanwhile sexual misconduct accusations were made against two prominent gay community leaders.
Atraf was hacked through its host provider, CyberServe, on October 30, and subsequently shut down.
The hackers demanded $1 million in ransom. Atraf and CyberServe did not respond to the request. Last week, the hackers started leaking users' information in waves, pressuring the popular gay dating app to pay up.
The cyberattack was carried out by Black Shadow, a group of Iran-linked hackers that claimed responsibility, reported the Times of Israel. The hackers used another popular social media app, Telegraph, to leak the information of the stolen 700-megabyte file starting November 2. The file included detailed information for about 1 million users, including their sexual orientation and HIV status, reported Haaretz.
The hackers sent threats to CyberServe through the social media app, Telegram: "You probably could not connect to many sites today. CyberServe and their customers were harmed by us."
The message went on to threaten the company, noting it had a lot of data, "If you do not want it to be leaked by us, contact us soon."
Charlie Spiegel, a 63-year-old gay Jewish San Francisco man, received an email from CyberServe informing him of the cybersecurity breach and its effect on Atraf, on November 7.
Spiegel, a family mediator, used the app six years ago while he was dating and traveling, he told the Bay Area Reporter. He was uncertain if his account was still active because he has not used it recently. Spiegel expressed concern about the Atraf hack for the number of closeted Orthodox Jewish men who used the site.
"I'm most concerned about its effect on observant closeted gay Jews, who may be outed by this and face serious harm," he wrote in an email interview with the B.A.R. "Maybe like AIDS and through a lot of pain in both instances, it will at least lead to people in Israel [to] know how prevalent gay people are."
Yoram Hacohen, head of the Israel Internet Association, told the Times of Israel, "This is one of the most serious attacks on privacy that Israel has ever seen. Israeli citizens are experiencing cyberterrorism."
Ethan Felson, executive director of A Wider Bridge, an LGBTQ Jewish American and Israeli organization, called the cyberattack "devastating," noting that it "points to a vulnerability of our lives."
"The scale of this is shocking, and as was apparently the lack of care in protecting, not just personal information, but also medical information," Felson said, noting partner organizations reported increased calls to hotlines, not only due to the Atraf hack but also the sexual misconduct accusations made against two longtime LGBTQ community leaders. (See below.)
Atraf wasn't the only company affected by the cyberattack. Others that were hacked included Dan Bus Company and Kavim Bus app; vehicle insurance company Shirbit; travel booking site Pegasus; finance company KLS; and medical service Doctor Ticket.
Accounts connected to Atraf — Gmail, Facebook, Instagram, and Spotify — where users used the same password as the LGBTQ dating app were also affected, reported the Jerusalem Post.
Christof Wittig, founder and CEO at Hornet, a San Francisco-based queer social network, expressed concern, compassion, and anger upon news of the Atraf hack.
"Our reaction was one of concern for the safety of the breached users, compassion with fellow entrepreneurs, and anger at catfishes of all sorts, but especially the ones who target vulnerable LGBTQ people," Wittig wrote in an email interview with the B.A.R. November 9.
Wittig stated that in Hornet's 10-year history the app has not "experienced any serious breaches or hacking of user data," but cautioned 100% safety is not possible.
However, Hornet bakes safety for its users into "every fabric of our business," Wittig wrote, noting ongoing security testing, robust responsiveness to fix security vulnerabilities and patches in coding, among other methods used to keep members safe.
He also pointed out that Hornet was among the first dating and LGBTQ apps to embrace hacker-powered security, joining HackerOne in May 2017.
The B.A.R. reached out to gay dating app Grindr for reaction to Atraf's hack. Grindr did not respond by press time.
Speaking with the B.A.R., Felson expressed pride in AWB's partner organizations in Israel for quickly condemning the accused leaders and increasing staffing for the hotlines and other services to support the community reeling from both incidents.
"We are very proud of our Israeli partners for the quick steps taken to provide support services to people who are feeling very vulnerable and scared right now," Felson said.
On November 3, Israel's Authority for the Defense of Privacy announced it launched an investigation into Atraf for "faulty cyberdefenses" leading to the hack. Israel's National Cyber Directorate had previously warned CyberServe it was vulnerable to attack, reported the Times of Israel.
The Authority for the Defense of Privacy instructed Atraf to provide client details and information about the hack and leaked information last week, reported the Post.
Atraf posted a statement to users on its Facebook page November 6. "We are awake to the concerns and the complex situation that has been created and are constantly working with the authorities to end the attack," the company stated.
Atraf also advised users to be on alert for messages from people they do not know, especially asking for personal information; to use a two-factor authentication mechanism on all of their important accounts; and to change their passwords.
Sexual misconduct allegations
Earlier this month, two longtime queer community leaders, Gal Uchovsky and Etai Pinkas-Arad, were accused by individuals, identified as "A." and "Y.," of sexual misconduct. The alleged incidents occurred more than a decade ago, the Post reported, when at least one of the accusers was 17.
Uchovsky was founder and president of Israel Gay Youth. He has stepped down from his involvement in the organization following the allegations. Israeli authorities are now investigating the claims, the newspaper reported.
Pinkas-Arad, who served as a Tel Aviv City Council member in charge of the issues concerning the LGBTQ community, also stepped down from his position, according to the Post.
"The last few days have been hard and painful," IGY leaders said in a statement published by the Post November 7. "We strongly condemn any behavior of the kind of incidents that have been exposed in recent days and condemn any expression of sexual violence, certainly when it harms our youth and young adults."
"Many of our friends are hurting right now," AWB leaders Felson and Alan Schwartz, board chair, said in a statement posted on the organization's Facebook page, "and we stand with them." AWB is a funder of IGY.
"The Israeli LGBTQ community is reeling from back-to-back revelations," the leaders continued, expressing that community leaders have a "sacred responsibility to behave in ways that should be emulated — and it appears that did not happen. It is a badge of shame.
"Taken together, these stories have rocked the LGBTQ community in Israel. In very different ways, they expose our vulnerabilities," they added.
Got international LGBTQ news tips? Call or send them to Heather Cassell at WhatsApp/Signal: 415-517-7239, or [email protected]
Help keep the Bay Area Reporter going in these tough times. To support local, independent, LGBTQ journalism, consider becoming a BAR member.