FBI-helping phone-cracking firm Cellebrite hit by 900GB hack
Cellebrite -- the Israeli security company famed for helping the FBI crack the iPhone at the center of the San Bernardino case -- has been hit by hackers. The attack resulted in the theft of 900GB of data.
While the website Motherboard -- which was handed a copy of the data -- reports that "the cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products", the company has downplayed the incident.
Cellebrite confirmed that illegal access to an external server had been detected, and indicated that an investigation is underway. But while Motherboard says that the data dump "includes alleged usernames and passwords for logging into Cellebrite databases connected to the company's my.cellebrite domain", Cellebrite says it is a "legacy database backup" that was breached.
In a post on its website, Cellebrite expresses doubt about the significance of the hack, saying that customers are not at increased risk as a result:
Cellebrite recently experienced unauthorized access to an external web server. The company is conducting an investigation to determine the extent of the breach. The impacted server included a legacy database backup of my.Cellebrite, the company’s end user license management system. The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system. To date, the company is not aware of any specific increased risk to customers as a result of this incident; however, my.Cellebrite account holders are advised to change their passwords as a precaution.
Cellebrite actively maintains an ongoing information security program and is committed to safeguarding sensitive customer information using best in class security countermeasures. Once the investigation of this attack is complete, the company will take any appropriate steps necessary to harden its security posture to mitigate the risk of future breaches.
Cellebrite is in the process of notifying affected customers.
The company is working with relevant authorities regarding this illegal action and is assisting in their investigation.
Analysis of the data suggests that the hack took place sometime last year. Motherboard says that it was able to verify the account details included in the data cache, and in some cases was able to use this information to create accounts on Cellebrite's customer login portal.