- Trump-Russia conspiracy theorists think they’ve found secrets in the Mueller report 10 Months Ago
- Report: YouTube is done competing with Netflix, Amazon 10 Months Ago
- Netflix drama ‘Coisa Mais Linda’ explores Bossa Nova clubs and women’s rights in Brazil Today 8:08 AM
- The best ‘Game of Thrones’ memes to get you pumped for season 8 Today 7:30 AM
- Amazon Echo Show (2nd Gen) vs Google Home Hub: Which is better? Today 7:00 AM
- Solange sings along to Ariana Grande on Instagram Stories—and fans are obsessed Today 6:37 AM
- How to stream the entire ’30 For 30′ series for free Today 6:30 AM
- Swipe This! My happiest Facebook Memories are making me miserable Today 6:30 AM
- Musketeers: Welcome to the global Elon Musk fan network Today 6:00 AM
- Lawsuit alleges YouTube’s unboxing videos are ‘abusive’ ads aimed at kids Sunday 3:48 PM
- Dr. Dre shades Lori Loughlin with Instagram flex about his daughter getting into USC Sunday 3:13 PM
- University of Georgia frat’s racist Snapchat video draws campus outrage Sunday 1:21 PM
- Facing criticism for eating fish, vegan YouTube star Rawvana speaks out Sunday 10:47 AM
- Arnold Schwarzenegger chases mini-pony in new TikTok video Sunday 9:19 AM
- Review: ‘Sekiro: Shadows Die Twice’ is a cut above the rest Sunday 8:00 AM
Thousands of login credentials were exposed.
A hacker appears to have successfully broken into the servers of Securus, a company that offers powerful tool for tracking civilians and monitoring inmates to law enforcement departments across the country.
During the breach, the hacker was able to access the login information of thousands of Securus’ clients and provided part of the stolen data to Motherboard, where journalists were able to verify the authenticity of credentials using the site’s password recovery option.
One spreadsheet pulled from the database holds the usernames, email addresses, cryptographically stored passwords, and security information of more than 2,800 accounts. Some of the passwords appeared to have been cracked and it was unclear if they had been stored insecurely in this way on the Securus system.
Government departments and law enforcement authorities from different cities and counties were affected by the hack, which also revealed login information for users with roles such as “prison captain” and “deputy warden.”
“The PII [personally identifying information] exposure in the (still) public user guide raises on question: does Securus have the culture and the procedures in place to protect sensitive PII? The answer appears to be no,” Professor Thomas Rid of Johns Hopkins University told Motherboard.
News of the breach comes just one week after the New York Times profiled the Dallas-based firm and how it sources its data from a range of major telecommunications providers, utilizing a loophole in privacy law to offer warrantless location tracking of mobile devices.
The hacker told Motherboard that the hack was not difficult and that Securus’ security was poor, which alarmed Sen. Ron Wyden (D-Ore.) given the nature of the firm’s business.
“If this account is true, it demonstrates, yet again, that Securus is failing cybersecurity 101, in total disregard for the privacy of the Americans whose communications and private data it should be protecting,” he said, criticizing the offer of warrantless tracking as both “abusive and potentially unlawful.”
Securus did not respond to requests for comment.
David Gilmour is a reporter who specializes in national politics, internet culture, and technology. He previously covered civil liberties, crime, and politics for Vice.