- Up to 20 states are banding together to probe Facebook, Google 1 Year Ago
- Get your tinker on with the Electronic Games Advent Calendar 1 Year Ago
- Why Joe Biden has big Jeb Bush energy 1 Year Ago
- Trump quotes conspiracy theorist saying he’s the ‘second coming of God’ Today 9:04 AM
- Parkland teens announce massive gun reform proposal Today 9:04 AM
- Here’s how you can get a free palm reading online Today 8:48 AM
- ‘The Matrix 4’ is happening with Keanu Reeves and Carrie-Anne Moss Today 7:17 AM
- Fantasy football 2019: Your team-by-team NFC preview Today 7:00 AM
- The 10 best science podcasts to teach you about our world Today 6:00 AM
- How to make sure you have access to every Instagram filter Today 6:00 AM
- Trump accuses Jewish Democrats of having ‘great disloyalty’ or a ‘lack of knowledge’ Tuesday 8:02 PM
- 1 million ‘anonymous’ users of popular porn site exposed in breach Tuesday 6:56 PM
- Khloé Kardashian angers followers with a calorie-counting joke about True Tuesday 6:14 PM
- Spider-Man may no longer be part of the Marvel Cinematic Universe Tuesday 5:28 PM
- Robert De Niro’s company is suing ex-employee for binge-watching Netflix at work Tuesday 4:41 PM
A hacker appears to have successfully broken into the servers of Securus, a company that offers powerful tool for tracking civilians and monitoring inmates to law enforcement departments across the country.
During the breach, the hacker was able to access the login information of thousands of Securus’ clients and provided part of the stolen data to Motherboard, where journalists were able to verify the authenticity of credentials using the site’s password recovery option.
One spreadsheet pulled from the database holds the usernames, email addresses, cryptographically stored passwords, and security information of more than 2,800 accounts. Some of the passwords appeared to have been cracked and it was unclear if they had been stored insecurely in this way on the Securus system.
Government departments and law enforcement authorities from different cities and counties were affected by the hack, which also revealed login information for users with roles such as “prison captain” and “deputy warden.”
“The PII [personally identifying information] exposure in the (still) public user guide raises on question: does Securus have the culture and the procedures in place to protect sensitive PII? The answer appears to be no,” Professor Thomas Rid of Johns Hopkins University told Motherboard.
News of the breach comes just one week after the New York Times profiled the Dallas-based firm and how it sources its data from a range of major telecommunications providers, utilizing a loophole in privacy law to offer warrantless location tracking of mobile devices.
The hacker told Motherboard that the hack was not difficult and that Securus’ security was poor, which alarmed Sen. Ron Wyden (D-Ore.) given the nature of the firm’s business.
“If this account is true, it demonstrates, yet again, that Securus is failing cybersecurity 101, in total disregard for the privacy of the Americans whose communications and private data it should be protecting,” he said, criticizing the offer of warrantless tracking as both “abusive and potentially unlawful.”
Securus did not respond to requests for comment.
David Gilmour is a reporter who specializes in national politics, internet culture, and technology. He previously covered civil liberties, crime, and politics for Vice.