Hudson Rock
Israeli cybersecurity company
From Wikipedia, the free encyclopedia
Hudson Rock Limited is an Israeli cybersecurity company headquartered in Tel Aviv specialized in infostealer malware.[1][2][3][4] Hudson Rock was co-founded in 2020 by Alon Gal, who previously worked in Unit 8200 of the Israeli Defense Forces and Roi Carthy, a technology industry businessman.[5] Hudson Rock has identified data breaches involving personal information from companies including Facebook,[6] Twitter,[7] Airbus,[8] Telefónica,[1][9] Samsung Electronics,[10] Jaguar Land Rover and Telefónica.[5][11][12] In 2024, Hudson removed a report about Snowflake after legal pressure.[13]
| Company type | Private |
|---|---|
| Industry | Cybersecurity |
| Founded | 2020 |
| Headquarters | Tel Aviv, Israel |
Key people |
|
| Products | Cavalier, Bayonet |
| Services | Cyber threat intelligence |
Number of employees | 2–10 (2025) |
| Website | hudsonrock |
Alon Gal
Alon Gal (Hebrew: אלון גל; b. 1996) is an Israeli cybersecurity expert and entrepreneur. He is the co-founder and chief technology officer of Hudson Rock,[14]
One of Gal's contributions to the industry was to uncover a massive data breach that affected over 533 million Facebook users.[3] The breach included users' phone numbers, email addresses, birthdays, and other personal information. Gal was the first to report the breach, which ultimately led to a $276 million fine for Facebook from the Irish Data Protection Commissioner for violating General Data Protection Regulation laws.[15]
In addition to the Facebook breach, Gal also played a role in uncovering a 2023 data breach that affected over 200 million Twitter users. The breach involved user information, including email addresses, usernames, and other personal information.[2]
Gal's work has also led to the uncovering of other significant data breaches, including a T-Mobile breach that exposed the personal information of 40 million customers.[16]
For a period of time between 2019 and 2021, Gal operated a pseudo-anonymous Twitter account and a Medium (website) blog called Under The Breach, the account gained popularity for the uncovering of several additional data breaches such as the 91 million Indonesian Tokopedia users data leak,[17] the 337,000 Maltese voters database leak which resulted in a 65,000 euro fine,[18] and the 20 million BigBasket users data leak.[19]