- Laura Ingraham mocks Rep. Ilhan Omar’s accent in audio clip Sunday 5:46 PM
- #ExposeChristianSchools goes viral after Karen Pence and Covington Catholic School uproars Sunday 4:37 PM
- People have started laundering money on Fortnite Sunday 3:03 PM
- Cardi B claps back at Tomi Lahren’s sarcastic tweet Sunday 1:25 PM
- Twitter may have exposed Android users’ private tweets Sunday 12:13 PM
- Leave Me Alurn is the ‘SNL’ product we wish existed in real life Sunday 10:06 AM
- How to watch ‘Charmed’ online for free Sunday 9:00 AM
- How to watch Patriots vs. Chiefs online for free Sunday 8:15 AM
- This is the ‘Star Wars’ VR experience you’re looking for Sunday 8:00 AM
- ‘Salt Fat Acid Heat’ takes viewers on a journey through the four building blocks of a great dish Sunday 7:00 AM
- How to tell the deep web from the dark web Sunday 7:00 AM
- How to watch the Saints vs. Rams online for free Sunday 6:15 AM
- How to watch ‘Supergirl’ online for free Sunday 6:00 AM
- How to stream the NFL conference championship games Sunday 5:00 AM
- How to watch Barcelona vs. Leganes online for free Sunday 1:00 AM
Thousands of login credentials were exposed.
A hacker appears to have successfully broken into the servers of Securus, a company that offers powerful tool for tracking civilians and monitoring inmates to law enforcement departments across the country.
During the breach, the hacker was able to access the login information of thousands of Securus’ clients and provided part of the stolen data to Motherboard, where journalists were able to verify the authenticity of credentials using the site’s password recovery option.
One spreadsheet pulled from the database holds the usernames, email addresses, cryptographically stored passwords, and security information of more than 2,800 accounts. Some of the passwords appeared to have been cracked and it was unclear if they had been stored insecurely in this way on the Securus system.
Government departments and law enforcement authorities from different cities and counties were affected by the hack, which also revealed login information for users with roles such as “prison captain” and “deputy warden.”
“The PII [personally identifying information] exposure in the (still) public user guide raises on question: does Securus have the culture and the procedures in place to protect sensitive PII? The answer appears to be no,” Professor Thomas Rid of Johns Hopkins University told Motherboard.
News of the breach comes just one week after the New York Times profiled the Dallas-based firm and how it sources its data from a range of major telecommunications providers, utilizing a loophole in privacy law to offer warrantless location tracking of mobile devices.
The hacker told Motherboard that the hack was not difficult and that Securus’ security was poor, which alarmed Sen. Ron Wyden (D-Ore.) given the nature of the firm’s business.
“If this account is true, it demonstrates, yet again, that Securus is failing cybersecurity 101, in total disregard for the privacy of the Americans whose communications and private data it should be protecting,” he said, criticizing the offer of warrantless tracking as both “abusive and potentially unlawful.”
Securus did not respond to requests for comment.
David Gilmour is a reporter who specializes in national politics, internet culture, and technology. He previously covered civil liberties, crime, and politics for Vice.