Yes, Cellebrite Hacked: In an unusual case of hackers becoming victims, an anonymous hacker breached a popular mobile hacking service known for providing surveillance solutions and miningof data to government agencies.
The Motherboard reports that the attacker managed to obtain 900GB data from Israeli company Cellebrite, including customer credentials, databases and technical data of the company's products.
Cellebrite has developed the Universal Forensic Extraction Device (UFED), which has the ability to receive data from a wide range of smartphones. Once connected, the UFED can retrieve multiple data, such as SMS, e-mail, and call logs.
The Israeli company supposedly supplies government services to the US, and its authoritarian regimes Russias, the United Arab Emirates and Turkey.
The Motherboard has confirmed that stolen data is genuinely authentic. According to the publication, the information appears to have been recovered from the Cellebrite customer segment, from where users can access new software updates.
In addition to user passwords and databases, the breach allegedly includes logs from devices that Cellebrite "broke" as well as evidence files from confiscated mobile devices.
The company has since confirmed the violation on its website and advised its customers to change their code:
“Η Cellebrite γνώρισε πρόσφατα μια μη εξουσιοδοτημένη πρόσβαση σε έναν εξωτερικό διακομιστή της. Η εταιρεία διεξάγει research για να προσδιοριστεί η έκταση της παραβίασης.
It is currently known that the leaked information includes basic user contact information that has been registered for notifications or notifications for Cellebrite products and hashed passwords for users that have not yet been transferred to the new system. To date, the company is not aware of any specific increased risk to its customers as a result of this event. However, my.Cellebrite account holders are encouraged to change their passwords as a precaution. "
In a similar case since last year, PhineasFisher hacker violated two surveillance services involved in providing hacking applications designed for espionage to unsuspecting citizens in various government agencies.
PhineasFisher then leaked the stolen data to Internet, while the Cellebrite attacker is reportedly taking a more cautious approach, giving the information only to Motherboard and a select few people in IRC chat rooms.
