Company:Hudson Rock
| Type | Private |
|---|---|
| Industry | Cybersecurity |
| Founded | 2020 |
| Headquarters | Tel Aviv, Israel |
Key people |
|
| Products | Cavalier, Bayonet |
| Services | Cyber threat intelligence |
Number of employees | 2–10 (2025) |
| Website | hudsonrock |
Hudson Rock Limited is an Israeli cybersecurity company headquartered in Tel Aviv specialized in infostealer malware.[1][2][3][4] Hudson Rock was co-founded in 2020 by Alon Gal, who previously worked in Unit 8200 of the Israeli Defense Forces and Roi Carthy, a technology industry businessman.[5] Hudson Rock has identified data breaches involving personal information from companies including Facebook,[6] Twitter,[7] Airbus,[8] Telefónica,[1][9] Samsung Electronics,[10] Jaguar Land Rover and Telefónica.[5][11][12] In 2024, Hudson removed a report about Snowflake after legal pressure.[13]
Alon Gal
Alon Gal (Hebrew: אלון גל; b. 1996) is an Israeli cybersecurity expert and entrepreneur. He is the co-founder and chief technology officer of Hudson Rock,[14]
One of Gal's contributions to the industry was to uncover a massive data breach that affected over 533 million Facebook users.[3] The breach included users' phone numbers, email addresses, birthdays, and other personal information. Gal was the first to report the breach, which ultimately led to a $276 million fine for Facebook from the Irish Data Protection Commissioner for violating General Data Protection Regulation laws.[15]
In addition to the Facebook breach, Gal also played a role in uncovering a 2023 data breach that affected over 200 million Twitter users. The breach involved user information, including email addresses, usernames, and other personal information.[2]
Gal's work has also led to the uncovering of other significant data breaches, including a T-Mobile breach that exposed the personal information of 40 million customers.[16]
For a period of time between 2019 and 2021, Gal operated a pseudo-anonymous Twitter account and a Medium (website) blog called Under The Breach, the account gained popularity for the uncovering of several additional data breaches such as the 91 million Indonesian Tokopedia users data leak,[17] the 337,000 Maltese voters database leak which resulted in a 65,000 euro fine,[18] and the 20 million BigBasket users data leak.[19]
References
- ↑ 1.0 1.1 "Infostealer Infections Lead to Telefonica Internal Ticketing System Breach". 2024-10-08. https://www.securityweek.com/infostealer-infections-lead-to-telefonica-internal-ticketing-system-breach/.
- ↑ 2.0 2.1 Menn, Joseph. "Hackers leak email addresses tied to 235 million Twitter accounts". The Washington Post. https://www.washingtonpost.com/technology/2023/01/04/witter-leak-emails-handles/.
- ↑ 3.0 3.1 Holmes, Aaron. "533 million Facebook users' phone numbers and personal data have been leaked online" (in en-US). Business Insider. https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4.
- ↑ "Twitter hacked, email addresses of over 200 million users exposed: Report" (in en-us). WION. https://www.wionews.com/technology/twitter-hacked-email-addresses-of-over-200-million-users-exposed-report-549887.
- ↑ 5.0 5.1 Ilascu, Ionut (2025-04-05). "HellCat hackers go on a worldwide Jira hacking spree". https://www.bleepingcomputer.com/news/security/hellcat-hackers-go-on-a-worldwide-jira-hacking-spree/.
- ↑ "Facebook data leak: Half a billion users' information posted on hacking website, cyber experts say". 2021-04-04. https://edition.cnn.com/2021/04/04/tech/facebook-user-info-leaked/index.html.
- ↑ "Twitter users' data hacked: Email address, phone numbers". 2023-01-05. https://www.theguardian.com/technology/2023/jan/05/twitter-users-data-hacked-email-address-phone-numbers.
- ↑ Krebs, Brian (2023-09-14). "FBI Hacker Dropped Stolen Airbus Data on 9/11". https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/.
- ↑ "Telefonica Breach Exposes Jira Tickets, Customer Data". 2024-10-08. https://www.darkreading.com/cyberattacks-data-breaches/telefonica-breach-exposes-jira-tickets-customer-data.
- ↑ Knop, Dirk (2025-04-01). "Data leak: 270,000 Samsung customer tickets on the darknet" (in en). https://www.heise.de/en/news/Data-leak-270-000-Samsung-customer-tickets-on-the-darknet-10335221.html.
- ↑ "HellCat Ransomware Hits 4 Firms using Infostealer-Stolen Jira Credentials". 2025-04-05. https://hackread.com/hellcat-ransomware-firms-infostealer-stolen-jira-credentials/.
- ↑ Vijayan, Jaikumar (2023-10-13). "Ransomware Group Claims Attacks on Ascom, Jaguar Land Rover". https://www.securityweek.com/ransomware-group-claims-attacks-on-ascom-jaguar-land-rover/.
- ↑ "Hudson Rock yanks report into alleged Snowflake compromise" (in en). https://www.theregister.com/2024/06/04/snowflake_report_pulled/.
- ↑ "Twitter in data-protection probe after '400 million' user details up for sale" (in en-GB). BBC News. 2022-12-29. https://www.bbc.com/news/technology-64109777.
- ↑ Roth, Emma (2022-11-28). "Meta fined $276 million over Facebook data leak involving more than 533 million users" (in en-US). https://www.theverge.com/2022/11/28/23481786/meta-fine-facebook-data-leak-ireland-dpc-gdpr.
- ↑ Lerman, Rachel (19 August 2021). "T-Mobile hack is a return to the roots of cybercrime". The Washington Post. https://www.washingtonpost.com/technology/2021/08/19/tmobile-breach-data-hacks/.
- ↑ "Indonesia's Tokopedia probes alleged data leak of 91 million users" (in en). Reuters. 2020-05-02. https://www.reuters.com/article/us-tokopedia-cyber-idUSKBN22E0Q2.
- ↑ "IT firm C-Planet fined €65,000 over massive voter data breach" (in en-gb). https://timesofmalta.com/articles/view/it-firm-c-planet-fined-65000-over-massive-voter-data-breach.928486.
- ↑ "Big Basket data breach: email IDs, phone numbers, home addresses of two crore Indians allegedly leaked on the web". Business Insider. https://www.businessinsider.in/tech/news/big-basket-data-breach-email-ids-phone-numbers-home-addresses-of-two-crore-indians-allegedly-leaked-on-the-web/articleshow/82255857.cms.
External links
 |  |
