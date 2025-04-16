A security breach on an external Israeli ticketing website led to sensitive data belonging to soldiers in the Israeli occupation army, including Chief of Staff Eyal Zamir and high-ranking officers, being made available online, Haaretz reported yesterday.

According to the report, the breach allowed access to personal information, including their full names, ID numbers and phone numbers, through the TickChak website, which is used by army units to offer recreational benefits to their employees.

The breach, coupled with the weak security of the website, allows anyone to access soldiers’ data simply by entering their ID number, without going through any additional verification. This allowed for the extraction and collection of personal information belonging to tens of thousands of soldiers.

The breach occurred using simple software tools created by an anonymous user identifying themselves as the “Persian Prince”. The user was able to run a programme that tested potential ID numbers and extracted the details of their owners.

The website did not implement any automated protection against repeated attempts or geographic restrictions, allowing the attacker to access the data from outside Israel, including from a “hostile state”, according to the newspaper.

The database of exposed information contained the details of several active-duty soldiers, including the Chief of Staff of the Israeli army, Eyal Zamir, which is considered a critical security breach, as external or hostile parties could use this information to track military personnel or target them electronically or in the field.

In response, the army said that “the glitch was immediately addressed, the incident was investigated, and lessons were learned.” TickChak, the platform’s operator, clarified that the site is secure according to international standards, but acknowledged that “the simple login system was used at the customer’s request, instead of two-step verification.” It added that security levels were strengthened after receiving feedback.

