TEL AVIV, AFP — A hacking group calling itself Black Shadow threatened Sunday to reveal personal details of a million users of Israeli’s leading LGBTQ dating site, an attack some cyber experts linked to Iran.

“If we have 1 Millions $ in our wallet in the next 48 hours, we will not leak this information and also we will not sell it to anybody,” Black Shadow wrote on Telegram.

The Atraf dating site was compromised after Black Shadow hacked CyberServe, an Israeli internet service provider whose clients include public transportation firms, museums and a travel company.

On Saturday, the group dumped tens of thousands of records online from the various sites it had penetrated, including 1,000 user profiles from Atraf.

The leaked records included users’ HIV status, sexual orientation and unencrypted passwords.

Ran Shalhavi, CEO of The Aguda — The Association for LGBTQ Equality in Israel, told AFP his organization had extended its emergency hotline hours to deal with a flood of worried callers.

“They are exposed, and if they are in the closet, they are exposed to situations they never knew before,” he said, adding that the association was working with different groups to “reduce damage”.

Libi Oz, a spokeswoman for the government-funded Israel National Cyber Directorate, said her office warned CyberServe “several times” it was vulnerable to attack.

AFP was unable to reach Atraf for comment, and CyberServe did not return AFP’s calls.

Cyber intelligence researcher Ohad Zaidenberg said the breach appeared to be linked to a hack of Israeli insurance firm Shirbit last year, also claimed by Black Shadow, as well as an attack in March on Israeli insurance company KLS Capital Ltd.

“Now they are doing something relatively similar,” Zaidenberg said.

“We know that attack on Shirbit was Iranian, and therefore we can say, if it’s the same attacker and that attack was Iranian, this attack is Iranian.”

Keren Elazari, a cybersecurity expert and researcher at Tel Aviv University, agreed that the attack appeared to be Iranian.

“A big part of the hacks we’ve seen is not about ransom,” she said. “It’s about embarrassing Israeli companies, embarrassing Israeli citizens.”

She said the pandemic had opened new vulnerabilities for Israeli firms, as working from home offered less cybersecurity and has “multiplied the opportunity for attacks”.

“CyberServe did not apply necessary procedures to protect itself,” she told AFP.