A dataset indexed by leaksear.ch and attributed to mod.gov.il contains 8,603 Aharai participant records, with a listed breach date of November 9, 2021 (leaksear.ch metadata). The official site identifies mod.gov.il as the Israel Ministry of Defense domain, and the Excel files include names, Israeli identity numbers, email addresses, phone numbers, birth dates, addresses, program and group details, family details, status fields, and notes (mod.gov.il) (leaksear.ch metadata).
What happened
Breachsense lists a mod.gov.il data breach discovered on November 9, 2021, with Moses Staff as the threat actor (www.breachsense.com). Public reporting from October 27, 2021, said Moses Staff claimed it had conducted a cyberattack against the Israeli Defense Ministry and released files and photos it said came from ministry servers (www.jpost.com).
The exact exposure path for the indexed Aharai Excel files is not confirmed in the leaksear.ch metadata. In the same public reporting, Israel's National Cyber Directorate was quoted warning that hackers were exploiting a known email-server vulnerability and urging organizations to apply critical updates, but that warning should not be treated as confirmation of how this specific indexed spreadsheet was exposed (www.jpost.com).
Security coverage of the wider Moses Staff campaign described a politically motivated leak-and-encrypt operation against Israeli organizations, with no ransom demand. BleepingComputer and The Hacker News, citing Check Point Research, reported that the group leaked stolen data and used public channels such as Telegram or leak sites to amplify its claims (www.bleepingcomputer.com, thehackernews.com).
Aharai's public site describes pre-army and leadership frameworks for Israeli youth, including military preparation, technological education, pre-military academies, and a year of service (aharai.org.il). The Ministry of Defense's Defense and Society Department says it coordinates activities with youth movements and NGOs and works on youth military-preparation programs, which provides public context for the type of data described in the leak metadata but does not confirm the source of this leak (mod.gov.il).
What data was exposed
The indexed records contain direct identifiers and contact fields: names, email addresses, phone numbers, home phone numbers, usernames, addresses, country values, dates of birth, Hebrew birth dates, ages, gender, and Israeli identity or national ID values (leaksear.ch metadata).
The records also include program and administrative context: district, framework, project, group, role, guidance level, recruitment and recruitment source, school class and school type, graduate and status fields, source file and source sheet, and row numbers (leaksear.ch metadata).
The metadata also lists sensitive contextual fields such as father and mother names, family background indicators, health fund, injuries, medical approval, criminal history, participant background, scholarship or studies, training potential, additional characteristics, and general notes (leaksear.ch metadata).
Why this matters
This leak combines government-adjacent youth program data with national identifiers, contact details, birth dates, family information, medical and background indicators, and free-form notes, which creates long-lived risk for targeted phishing, doxxing, impersonation, and identity-fraud attempts (leaksear.ch metadata). Because public reporting tied Moses Staff to politically motivated leaking rather than conventional extortion, affected people should assume the exposure risk is not limited to financial fraud and may include harassment or social engineering that references Aharai, pre-military programs, or Ministry of Defense context (www.bleepingcomputer.com, thehackernews.com).
Security teams and journalists should avoid circulating samples and should treat national ID, health, background, and family fields as especially sensitive. If you think you were connected to Aharai, a pre-military framework, or a related Ministry of Defense program, check this leak using your name, email address, phone number, username, date of birth, country, or address.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, name, phone, and username.
Sources
- Breachsense: mod.gov.il Data Breach in 2021
- Israel Ministry of Defense: Homepage
- Israel Ministry of Defense: Defense and Society Department
- Aharai!: fields of action
- The Jerusalem Post: Hacker group leaks data, photos from Defense Ministry, Benny Gantz
- BleepingComputer: Moses Staff hackers wreak havoc on Israeli orgs with ransomless encryptions
- The Hacker News: New 'Moses Staff' Hacker Group Targets Israeli Companies With Destructive Attacks