Sarit Yerushalmi
Sarit Yerushalmi is an experienced security researcher at Imperva. Her research mainly focuses on application security and APIs. She analyzes traffic to detect new threats, writes security blogs and talks at conferences. Some of her work has been presented at security conferences such as Botconf, Bsides TLV, NorthSec, and Kernelcon.
Session
In an age where personal data leaks never truly disappear, a single overlooked detail can become the key to an entire attack chain. This talk follows that detail’s journey - from forgotten breaches, through shadowy online markets, and into the center of a SIM swap.
We’ll explore how decades-old leaks in Israel, repackaged and made accessible through Telegram bots tied to drug dealers' activities, collide with authentication practices still common worldwide. Along the way, we’ll uncover how trust in familiar, everyday online interactions can be weaponized in unexpected ways. What begins as an ordinary user action ends with the attacker holding the final piece needed to take over a victim’s phone number and access everything tied to it.
The technique is simple. The consequences are global. And the path from click to compromise may not be what you expect.