Phone hacking firm Cellebrite gets hacked, 900 GB of user data stolen
And now in ironic news, Cellebrite, an Israeli company specializing in data extraction and phone hacking services for governments and law enforcement, has been hacked. Motherboard has obtained 900 GB of the company's data through an undisclosed source and has verified its legitimacy, with the company itself later confirming the data breach.
Cellebrite became famous after being linked to FBI's attempts to hack San Bernadino killer Syed Rizwan Farook's iPhone. Its main product is a device called the Universal Forensic Extraction Device (UFED), whose purpose is extracting data from locked mobile phones. According to Motherboard, the data appears to come partly from the company's my.cellebrite domain, the user section of their website, and includes pieces of evidence from hacked mobile phones, along with usernames and passwords for accessing the company's website.
The company issued a statement on its website confirming the data breach and stating that an investigation is underway. The press release claims the stolen information is from an older account database and includes basic contact information of some users and hashed passwords of those who haven't yet migrated to the newer system. The company is currently contacting affected customers, but still advises all users to change their passwords as a precaution.
The data leak reveals that, besides its ties to US law enforcement, the company has also worked for countries such as Russia, Turkey and the United Arab Emirates. While these countries are known for their authoritarian practices, the type of services Cellebrite has performed for them isn't yet publicly known.