Israeli phone hacking firm Cellebrite confirms ‘information security breach’
Cellebrite is currently conducting an investigation into the breach of an external web server which contained basic customer contact information as well as hashed passwords for existing clients.
Vice’s Motherboard claims to have obtained 900GB of data from the hack directly from the person responsible.
Unlike previous hacks, the information has not been leaked online, with the hacker quoted as saying: “It's one thing to slap them, it's a very different thing to take pictures of [their] balls hanging out.”
Cellebrite has stressed that there is no heightened risk to customers as a result of the breach, but asked account holders to change their passwords as a standard precaution. It is currently in the process of notifying affected customers and is in talks with the relevant authorities over the breach, according to a company statement on Thursday.
“The impacted server included a legacy database backup of my.Cellebrite, the company’s end user license management system,” the statement read. “The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system.”
The Israeli company is a wholly owned subsidiary of Japan’s Sun Corporation, which saw a minor dip in share price in early morning trading.
Cellebrite is known for its Universal Forensic Extraction Device (UFED), a laptop-sized piece of hardware capable of ripping data ranging from text messages and call logs, to emails and contact information from thousands of different mobile phone models.
The company, which positions itself as a market leader in digital forensics, boasts 40,000 UFED licenses in 100 countries, with clients ranging from law enforcement, intelligence services and military to the private sector, according to its website.
Reuters previously reported that Cellebrite was the company responsible for accessing the iPhone used by one of the San Bernardino shooters at the behest of FBI, following a lengthy court battle between Apple and the US Justice Department.
When asked by Motherboard what the motivation for the hack was, the unidentified hacker pointed to recent changes in surveillance legislation as the push to accessing Cellebrite’s systems.