January 13, 2017
Cellebrite made the news several times in the last 12 months or so, pretty much because of the company’s phone hacking capabilities and its involvement in the San Bernardino scandal when it was asked to break into the iPhone used by a terrorist.
This time, however, Cellebrite is making the headlines because of a different reason: it got hacked, and attackers managed to steal no less than 900 gigabytes of data.
Motherboard says in a report that it was directly contacted by the hacker and provided with the 900 GB of data, which includes technical information and log files, but also messages from governments in a series of countries, such as Russia and Turkey. It’s believed that authorities in these countries were particularly interested in Cellebrite’s phone hacking tech.
While the name of the hacker has not been revealed, Cellebrite said in a statement that one of its servers indeed suffered a breach and only basic information of customers was exposed. Cellebrite claims that there’s no risk associated with the hack, but it recommends its clients to change their passwords anyway.
Cellebrite: Customers are secure
According to the aforementioned source, the leaked information included usernames and passwords, as well as emails used to authenticate to Cellebrite’s my.cellebrite domain.
“Cellebrite recently experienced unauthorized access to an external web server. The company is conducting an investigation to determine the extent of the breach. The impacted server included a legacy database backup of my.Cellebrite, the company’s end user license management system,” the company said in a statement.
“The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system. To date, the company is not aware of any specific increased risk to customers as a result of this incident; however, my.Cellebrite account holders are advised to change their passwords as a precaution.”