Forensics firm Cellebrite suffered a data breach following unauthorized access to an external web server.
The Israel-based company is still investigating the attack. They are also notifying affected customers, and advising them to change their passwords.
“The impacted server included a legacy database backup of my.Cellebrite, the company’s end user license management system. The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system,” the company said.
The confirmation came a few hours after the Motherboard publication released general information about 900 GB of data they obtained.
“The data appears to have been taken, at least in part, from servers related to Cellebrite’s website. The cache includes alleged usernames and passwords for logging into Cellebrite databases connected to the company’s my.cellebrite domain,” the publication said in a post. “The dump also contains what appears to be evidence files from seized mobile phones, and logs from Cellebrite devices.”
The hacker who shared the data with the publication, and who is apparently behind the breach, also said that access to the compromised servers has been traded among hackers in IRC chat rooms, so it’s possible that other people have exfiltrated potentially sensitive data.