Overview of YayaSoft (YayaSoft Group)
YayaSoft, also known as the YayaSoft Group, is an Israeli software company headquartered in Bnei Brak, Israel (168 Jabotinsky Road). It specializes in developing digital solutions for the tourism industry and election management, with a strong emphasis on pioneering online and automated systems. The company has built a global presence through agents and R&D centers in countries including Argentina, Kyrgyzstan, the Czech Republic, England, and Colombia. Led by CEO Yair Chen, a software engineer with deep expertise in technical and business aspects of digital markets, YayaSoft employs 11-50 people and maintains an agile development team focused on technologies like .NET, AngularJS, NHibernate, mobile apps, and SQL databases. While it offers outsourcing services for startups worldwide, elections have become its major field of operation.
Beginnings and Founding
YayaSoft was founded in 1997 in Bnei Brak, Israel, emerging from a need for innovative business software in untapped digital markets. The company's early vision centered on digitizing paper-based processes in sectors like tourism and democracy. By 1999, it had already achieved a pioneering milestone by launching LogiVote, its flagship election platform, which commercially introduced computerized voting systems and voter relationship management (VRM) tools—creating an entirely new market for digital election campaigns in Israel. This predated widespread adoption of such technologies globally.
The founding ethos, as described by leadership, emphasized creativity, diligence, and long-term innovation. Yair Chen, the current CEO, has been instrumental since the early days, drawing on his background as a software engineer to bridge technical development with practical market needs. The company started small, with a family-like culture where managers foster personal connections among employees, prioritizing long-term commitment and sensitivity to team needs.
Development and Milestones
Over nearly three decades, YayaSoft has evolved from a niche Israeli developer into a global player, continuously adapting to technological shifts like AI integration, mobile apps, and real-time data analytics. Its development approach involves in-house R&D teams that iterate on products dynamically, responding to market changes and client feedback. The company has expanded beyond core products into outsourcing, partnering with startups on custom projects while maintaining a focus on efficiency and security in high-stakes environments like elections.
Key milestones include:
| Year |
Milestone |
| 1997 |
Company founded in Bnei Brak, Israel, with initial focus on business software for emerging digital markets. |
| 1999 |
Launch of LogiVote platform, pioneering commercial digital voting and VRM systems; creates new market for election campaign tools in Israel. |
| 2003–2006 |
LogiVote supports primaries for major Israeli parties and is deployed in Israel's Knesset elections, integrating voter databases for real-time monitoring. |
| 2005 |
Becomes Israel's leading election software developer; expands into international deployments and tourism software (e.g., first online hotel booking systems with digital agent management). |
| 2012 |
Handles voting for Israel's Labor Party primaries, despite reported technical glitches highlighting challenges in early computerized systems. |
| 2020 |
Security breach exposed in Likud Party's campaign app (powered by YayaSoft), prompting regulatory scrutiny; leads to enhanced data security features. |
| 2023–2025 |
Integrates AI-powered analytics, automations, and mobile apps (e.g., Victory App); deploys in international elections, including in Africa and Europe; celebrates 25+ years with global agent network. |
YayaSoft's growth has been marked by resilience, including navigating election-day disruptions (e.g., last-minute cancellations) and evolving from static software to dynamic, cloud-based platforms. Today, it operates R&D centers worldwide and markets through regional agents in Europe, the USA, Asia, Africa, and South America.
Products, with Focus on Election Systems
YayaSoft's portfolio spans tourism (e.g., hotel booking and agent management systems) and custom outsourcing, but its election-related products under the LogiVote brand dominate, accounting for the majority of its activity. LogiVote is a comprehensive, cross-platform suite designed to boost voter turnout, manage campaigns, and secure voting processes. It supports everything from grassroots mobilization to national-scale operations, collaborating with political consultants, HR agencies, hardware providers, and IT firms for large projects.
Key Election Products:
-
LogiVote VRM (Voter Relationship Management): Core platform for campaign headquarters. Features include deep electorate analysis, personalized outreach (emails/SMS), polling, social media integration, and real-time dashboards. It processes voter characteristics, tracks supporter interactions, and automates strategies to maximize turnout.
-
Digital and Web-Based Voting Systems: Secure, easy-to-use tools for in-person or remote voting. Voters can cast ballots at any center during election day, with features for tallying votes, transmitting results in real-time, and monitoring incidences. Includes pre-election voter information sites to prepare and educate electorates.
-
Victory App: Mobile app dubbed the "Tinder of Politics" for activist engagement. Allows direct voter contact (calls, messages, position marking), gamification (earn points for interactions, post-election rewards), advanced search, and syncing with VRM systems. Privacy-first design with device contact integration.
-
Election Day Module: Real-time coordination tools, including apps for poll observers, activists, and HQ teams. Supports ride offers, reminders, and field reporting to ensure 100% potential voter mobilization.
-
Additional Tools: AI-powered surveys for strategy adaptation, donation page builders (credit card processing, automated receipts), call-center management, landing pages, and smart automations.
These products emphasize security (e.g., data encryption, privacy compliance) and scalability, from local races to national elections. Non-election offerings include tourism booking engines and general software development services.
Customers
YayaSoft's clients span political parties, candidates, non-profits, and organizations worldwide, with a service-oriented model that customizes tools for specific needs. It has powered elections in Israel and internationally, often through partnerships for "mega-projects" like national votes. Customer feedback drives iterations, and the company highlights record turnouts and wins as testimonials.
Notable customers and use cases:
-
Israel:
- Labor Party (2012 primaries): Managed computerized voting, though glitches were reported.
- Likud Party (2020 campaigns): Used for management app; a data breach exposed voter info, leading to regulatory action.
- Institute of Certified Public Accountants: Achieved record voter turnout via digital systems.
- Major parties' primaries (2003–2006): Supported Knesset election tools.
-
Georgia (country): Georgia Dream (governing party) used LogiVote VRM for live field surveys and data analysis, contributing to their election win.
-
Africa: Deployed for real-time vote tallying, supporter tracking, and result transmission in various national elections.
-
Europe: Tools used in campaigns across multiple countries, including AI-supported communication strategies (e.g., presented at Berlin Campaign Conference).
-
Other: Private candidates, non-profits, and organizations globally; marketed to parties via agents in Asia, South America, and beyond. Examples include mayoral races focusing on supporter mobilization and grassroots apps.
YayaSoft continues to seek partners for expansion, emphasizing tools that "win elections the digital way." While successes like Georgia Dream's victory are touted, past issues (e.g., 2012 glitches, 2020 breach) underscore ongoing improvements in reliability and security.
Detailed Analysis of LogiVote Security Breaches
Introduction to LogiVote and Security Context
LogiVote, developed by Israel's YayaSoft Group, is a comprehensive voter relationship management (VRM) platform and suite of election tools, including mobile apps like Elector, designed for campaign management, voter outreach, and real-time data processing. While LogiVote has been praised for digitizing elections and boosting turnout, its security has faced scrutiny, particularly in high-stakes environments involving sensitive voter data. To date, the most significant and well-documented security incident linked to LogiVote/YayaSoft is the February 2020 data exposure tied to the Elector app, used by Prime Minister Benjamin Netanyahu's Likud party. No major breaches have been publicly reported since then, based on extensive searches up to September 2025. This analysis focuses on that incident, examining its mechanics, impacts, responses, and implications for election software security.
The 2020 Elector App Data Exposure: Chronology and Details
The breach occurred in early February 2020, just three weeks before Israel's March 2 parliamentary elections, amid a politically charged repeat vote following two inconclusive elections in 2019. The Elector app, powered by YayaSoft, was deployed by Likud to facilitate voter engagement, including sending personalized SMS messages, tracking election-day presence, and enabling grassroots activists to access voter databases for targeted outreach.
-
Discovery: On February 7, 2020, software developer Ran Bar-Zik received an anonymous tip via his podcast, including his son's personal details from the voter registry. Investigating further, Bar-Zik identified a vulnerability in the app's backend website. He notified YayaSoft on Friday evening, February 7; the flaw was patched by Saturday evening, February 8. Bar-Zik publicly disclosed the issue in Haaretz on Sunday, February 9, after confirming the fix.
-
Scope of Exposure: The incident exposed the personal data of all 6,453,255 eligible Israeli voters—nearly the entire adult population. This included full names, home addresses, identity card numbers, cellphone numbers, sex, and even political polling responses collected by Likud. A second, related leak involved faulty protections in Elector's system for registering election-day observers, further compromising activist-accessible data. The data was accessible for at least 24 hours (and potentially longer), downloadable in bulk without authentication.
-
Contextual Factors: Likud had legally obtained the official voter registry from the Central Elections Committee, a standard practice for all parties. However, the party augmented this with proprietary polling data and shared it via Elector with thousands of activists, amplifying the risk. This was not an external hack but an internal misconfiguration, described by Bar-Zik as a "very simple, very stupid hack" that even non-experts could exploit.
Technical Analysis: How the Breach Occurred
The vulnerability stemmed from basic web development oversights in Elector's online interface, highlighting systemic issues in rapid-deployment election software:
-
Root Cause: The app's website exposed its source code publicly, allowing anyone to inspect it via browser developer tools. Embedded within the code were hardcoded system administrator credentials (usernames and passwords). Using these, attackers could log in to the backend dashboard and export the entire voter database as downloadable files (e.g., CSV or Excel formats). No advanced tools like SQL injection or zero-day exploits were needed—just basic web inspection.
-
Contributing Factors:
-
Lack of Input Sanitization: Credentials were not obfuscated or dynamically generated, violating basic secure coding practices.
-
Inadequate Access Controls: The admin panel lacked role-based permissions, IP whitelisting, or multi-factor authentication (MFA), making it wide open once credentials were obtained.
-
No Monitoring or Logging: There was no evidence of real-time anomaly detection, which could have flagged unauthorized bulk downloads.
-
Deployment Haste: As an off-the-shelf tool customized for Likud, Elector prioritized speed and functionality (e.g., real-time SMS and data-crunching) over layered security, a common pitfall in election tech rushed for deadlines.
This type of "configuration error" breach is prevalent in SaaS platforms handling sensitive data, akin to leaving "keys under the doormat." Cybersecurity experts noted it as unsophisticated compared to state-sponsored attacks (e.g., those by Iran or Russia targeting Israeli infrastructure), but devastating due to the dataset's scale.
| Vulnerability Type |
Description |
Severity (CVSS Equivalent) |
Mitigation Gap |
| Hardcoded Credentials |
Admin logins visible in client-side code |
High (8.1) |
Use environment variables or secret managers |
| Exposed Admin Panel |
No auth barriers post-credential access |
Critical (9.1) |
Implement MFA and session timeouts |
| Bulk Data Export |
Unrestricted downloads without audits |
High (7.5) |
Rate limiting and export logging |
| Source Code Exposure |
Public web inspectability |
Medium (6.5) |
Server-side rendering and code minification |
Impacts and Risks
The exposure posed immediate and long-term threats, though no confirmed exploitation (e.g., identity theft or targeted phishing) has been publicly linked to it as of 2025:
-
Immediate Risks: High potential for voter harassment, doxxing, or manipulation. For instance, addresses could enable physical intimidation, while polling data revealed Likud supporters' identities, risking backlash. Senior judges and law enforcement officials' details were also leaked, raising national security concerns.
-
Long-Term Ramifications:
-
Identity Theft: Exposed ID numbers and phones facilitated fraud, such as fake registrations or financial scams.
-
Electoral Integrity: In a polarized election, the data could fuel disinformation or voter suppression campaigns.
-
Erosion of Trust: Occurring during Netanyahu's corruption trials, it fueled opposition narratives of Likud's recklessness, contributing to a minor turnout dip (though Likud still formed a coalition).
Quantitatively, the breach affected 100% of Israel's voting-age population, making it one of the largest per-capita data exposures globally at the time. A 2020 lawsuit by 20 citizens highlighted "irreparable harm," seeking NIS 1 million in damages for privacy violations under Israel's Protection of Privacy Law.
Responses, Mitigations, and Legal Aftermath
-
Immediate Fixes: YayaSoft patched the flaw within hours of notification, issuing a statement calling it a "one-off incident" and claiming enhanced security (e.g., the app's February 5 update added unspecified protections). They bolstered site defenses post-incident.
-
Likud's Response: The party distanced itself, attributing responsibility to YayaSoft as an "external private provider" serving multiple clients. Likud hired a third-party security firm for a full audit and filed police complaints alleging "criminal attack attempts," though without evidence of downloads by malicious actors.
-
Regulatory and Legal Actions:
- Israel's Privacy Protection Authority (PPA) launched an "oversight procedure" on February 10, 2020, investigating compliance with privacy and election laws. Officials visited YayaSoft's offices.
- The National Cyber Directorate and Central Elections Committee reviewed data handling protocols.
- In March 2020, 20 plaintiffs sued Likud and Elector/YayaSoft in Tel Aviv District Court, alleging negligence equivalent to "leaving keys under the doormat." The suit emphasized Likud's role in populating the database and YayaSoft's failure to secure it. As of 2025, no public resolution is reported, but it pressured reforms.
- Broader reforms: Post-breach, Israel's PPA gained fining powers in 2021, though not retroactively applied here.
No criminal charges were filed, and experts like Tehilla Shwartz Altshuler criticized the PPA's limited enforcement teeth at the time.
Lessons Learned and Broader Implications
The 2020 incident underscores vulnerabilities in third-party election software, where political urgency often trumps security. Key lessons include:
-
Vendor Accountability: Parties must vet providers like YayaSoft beyond functionality, enforcing standards like ISO 27001.
-
Data Minimization: Limit shared data to essentials; Likud's full-registry approach amplified risks.
-
Global Parallels: Similar to U.S. breaches (e.g., 2016 DNC hack), it highlights how misconfigurations—not sophisticated malware—pose the greatest threats. Israel's "Start-Up Nation" cyber prowess makes this an ironic embarrassment, spurring calls for mandatory audits in election tech.
-
Post-2020 Evolution: YayaSoft integrated AI-driven security and privacy-by-design in LogiVote updates (e.g., Victory App's 2023 privacy features). No subsequent breaches suggest improvements, but ongoing geopolitical tensions (e.g., Iranian cyber threats) keep scrutiny high.
In summary, while the breach did not alter the 2020 election outcome, it exposed fragile links in digital democracy, prompting incremental safeguards. Future risks remain if rapid innovation outpaces rigorous testing.
Similar Election Software Companies to YayaSoft/LogiVote
YayaSoft's LogiVote specializes in voter relationship management (VRM), digital voting platforms, campaign analytics, and mobile tools for political parties and elections, with a focus on real-time data, outreach, and security. Below is a comparison of 10 leading similar companies based on 2025 market analyses, prioritizing those offering VRM, campaign management, field organizing, and election tech. The table includes key products, target markets, and notable features, emphasizing scalability for national or grassroots campaigns.
| Company |
HQ |
Products/Services |
Target Market |
Similarities |
Pricing |
|
NGP VAN
|
USA |
NGP VAN CRM, VAN (Voter Activation Network), fundraising tools, SMS/email outreach |
Democratic/progressive campaigns, nonprofits (e.g., DNC, state parties) |
Comprehensive VRM with voter data integration, real-time analytics, and mobilization; supports surveys and targeted messaging like LogiVote's VRM. |
Starts at $45/user/month |
|
NationBuilder
|
USA |
NationBuilder platform (website builder, CRM, email/SMS, volunteer tools) |
Political candidates, advocacy groups (e.g., independent campaigns, NGOs) |
All-in-one election management with voter databases, gamified engagement, and AI analytics; mirrors LogiVote's mobile apps and automations. |
Starts at $34/month + add-ons |
|
Trail Blazer
|
USA |
Trail Blazer CRM, mapping tools, fundraising modules |
Conservative/Republican campaigns (e.g., GOP committees, PACs) |
VRM-focused with voter segmentation, canvassing apps, and real-time dashboards; similar to LogiVote's field coordination and data security emphasis. |
Starts at $100/month |
|
Ecanvasser
|
Ireland (global ops) |
Ecanvasser dashboard, mobile canvassing app, P2P messaging |
Grassroots political teams, unions (e.g., European parties, US locals) |
Mobile-first voter outreach and surveys with GPS mapping; akin to LogiVote's Victory App for activist engagement and turnout tracking. |
Starts at $87/month |
|
Qomon
|
France (global) |
Qomon organizing platform, analytics, digital canvassing |
Progressive campaigns, NGOs (e.g., EU elections, US midterms) |
Real-time voter data and AI-driven strategies; parallels LogiVote's election-day modules for mobilization and incidence monitoring. |
Custom; starts ~$100/month |
|
ISPolitical
|
USA |
ISPolitical finance/CRM, voter database management, compliance tools |
Political treasurers, small campaigns (e.g., local races, PACs) |
Voter list management and targeted comms with compliance focus; similar to LogiVote's secure data handling post-2020 breach improvements. |
Starts at $39.99/feature |
|
GoodParty.org
|
USA |
GoodParty platform, AI-powered VRM, P2P texting |
Independent/third-party candidates (e.g., non-major party races) |
Affordable voter engagement with AI surveys and free texts; echoes LogiVote's grassroots tools but tailored for outsiders. |
Free basic; $10/month premium |
|
Mobilize
|
USA (NGP VAN affiliate) |
Mobilize events/volunteer platform, RSVP tools, integration hub |
Mission-driven orgs, Democratic campaigns (e.g., volunteer networks) |
Volunteer mobilization and event tracking; complements VRM like LogiVote's activist apps, with strong integrations. |
Starts at $100/month |
|
CallHub
|
USA |
CallHub outreach suite, phone/SMS/email, AI analytics |
Global political campaigns (e.g., GOTV efforts in Asia/Africa) |
Multi-channel voter contact and workflow automation; similar to LogiVote's SMS/email personalization and real-time reporting. |
Pay-as-you-go (~$0.07/min calls) |
|
Election Systems & Software (ES&S)
|
USA |
PowerProfile VRM, election management system, voter registration |
US jurisdictions (e.g., 40+ states for voting tech) |
End-to-end election software with data security; broader than LogiVote but overlaps in voter databases and tallying. |
Custom pricing |
