Yes, Cellebrite was hacked: In an unusual case where hackers become victims, an anonymous hacker hacked a popular mobile hacking service known for providing surveillance and data mining solutions to government agencies.
The Motherboard reports that the attacker managed to obtain 900GB data from Israeli company Cellebrite, including customer credentials, databases and technical data of the company's products.
Cellebrite has developed the Universal Forensic Extraction Device (UFED), which has the ability to receive data from a wide range of smartphones. Once connected, the UFED can retrieve multiple data, such as SMS, e-mail, and call logs.
The Israeli company is supposed to supply government agencies in the United States and the authoritarian regimes of Russia, the United Arab Emirates and Turkey.
The Motherboard has confirmed that stolen data is genuinely authentic. According to the publication, the information appears to have been recovered from the Cellebrite customer segment, from where users can access new software updates.
Except for the codes access των χρηστών και τις βάσεις δεδομένων, η infringement it also reportedly includes logs from the devices Cellebrite "cracked" as well as evidence files from seized mobile devices.
The company has since confirmed the violation on its website and advised its customers to change their code:
"Cellebrite recently experienced unauthorized access to an external server. The company is conducting an investigation to determine the extent of the breach.
Currently, the leaked information is known to include basic contact information of users who have signed up for notifications or notifications about Cellebrite products and hashed passwords for users who have not yet been migrated to the new system. To date, the company is not aware of any specific increased risk to its customers as a result of this event. However, my.Cellebrite account holders are asked to change their passwords as a precaution.”
In a similar case since last year, PhineasFisher hacker violated two surveillance services involved in providing hacking applications designed for espionage to unsuspecting citizens in various government agencies.
PhineasFisher then leaked stolen data online, while the Cellebrite invader allegedly takes a closer look, giving information only to the Motherboard and a few selected people in IRC chat rooms.
