Massive Leak Exposes Personal Data of Thousands of Israeli Soldiers

A major security breach on an external Israeli ticketing platform, TickChak, exposed the personal data of tens of thousands of soldiers in the Israeli occupation army, including senior figures like Chief of Staff Eyal Zamir, Haaretz reported on Wednesday.

The compromised data included full names, ID numbers, and phone numbers. TickChak, used by military units to provide recreational perks, had a glaring vulnerability: anyone with access to an ID number could view a soldier’s private information without any further verification.

The breach was executed using basic software tools created by a user calling themselves the “Persian Prince”. The attacker reportedly ran a program that generated and tested ID numbers to extract associated personal data.

Wider context

The platform failed to implement key protections like automated security blocks or geographic restrictions, allowing unrestricted access—even from what the paper described as a “hostile state”.

The leak is seen as a significant security lapse, with Haaretz noting that it included information about active-duty personnel and the army’s top commander. The exposed data could potentially be used by adversaries to monitor, track, or target Israeli military members.

TickChak defended the platform’s safety, asserting that it meets “international standards,” but admitted that “the simple login system was used at the customer’s request, instead of two-step verification.”

In response, the Israeli army stated that “the glitch was immediately addressed, the incident was investigated, and lessons were learned.”

The company claimed that it has since enhanced its security measures.