Cellebrite, an anti-hacking company from Israel, has recently sustained a 900GB data security breach. The stolen data was shared with Motherboard, a website that has been trying to find out whether Cellebrite’s phone-cracking technology has been used immorally.
According to Motherboard, the law-enforcement agencies from the US have made some serious investments in the tech, but Cellebrite might have also sold its wares to Turkey, Russia, and the United Arab Emirates. The last three countries are known for having abysmal human-rights records, which makes Cellebrite’s choice of customers rather questionable.
On Thursday, Cellebrite made a statement, revealing that the hackers got their hands on a legacy database. The stolen data includes the basic contact information for users who opted to receive notifications on Cellebrite products. The hackers also got away with hashed passwords who had not migrated to the new user-accounts system.
Cellebrite advised the account holders to change their passwords, although the company is not aware of any increased risk to customers that is directly tied with the breach.
Gary Davis, a consumer security expert working for Intel Security, mentioned that it is a common thing for hackers to target security companies. This sends a message that every company is vulnerable to an attack.
Beth Givens, executive director at Privacy Rights Clearinghouse, advised the victims to be on alert for potential phishing attacks.
In practice, only time will tell in what way the stolen data will be (mis)used. Tony Gauda, chief executive of ThinAir, believes the stolen data could be harnessed in a multitude of ways.