In an ironic twist of fate, the Israeli mobile phone data extraction company Cellebrite was hacked. The company made headlines during the dispute between Apple and the FBI over the San Bernardino shooter’s iPhone.
On Thursday, Vice Motherboard reported that an unnamed source contacted it to provide a 900GB database belonging to Cellebrite. Basic contact information for users who were registered to receive notifications from the firm has been exposed, along with hashed passwords and technical data regarding Cellebrite’s products.
The company's main product is the Universal Forensic Extraction Device (UFED), a device that can extract data (such as SMS messages, emails, and call logs) from a huge number of different mobile phone models.
Cellebrite issued a statement to inform its customers of the data breach, which affected an “external web server” containing the company’s license management system. An unauthorized third party broke into the company's systems.
According to the firm, the hackers accessed a legacy archive that is no longer in use because the company has migrated to a new system.
The Israeli firm has advised all its customers to change their passwords.
“Cellebrite recently experienced unauthorized access to an external web server. The company is conducting an investigation to determine the extent of the breach. The impacted server included a legacy database backup of my.Cellebrite, the company’s end user license management system,” reads the statement issued by the company.
Motherboard verified the email addresses in the archive by attempting to create accounts on the company portal.
“In the majority of cases, this was not possible because the email address was already in use. A customer included in the data confirmed some of their details.”
The hack revealed an uncomfortable truth: Cellebrite also works with states that have questionable human rights records.
“In addition, the trove of materials contains “customer support tickets” showing that the Israeli company sells its services to countries with questionable human rights records, including Turkey, Russia, and the United Arab Emirates.” reported Ars.
(Security Affairs – Cellebrite, data breach)