- T.I. says Nipsey Hussle’s death was ‘like losing Iron Man’ 1 Year Ago
- Facebook banned billions of fake accounts in the first 3 months of this year 1 Year Ago
- Twitch streamer gets banned for drunkenly passing out during broadcast Today 5:00 PM
- WikiLeaks’ Julian Assange indicted under Espionage Act Today 4:39 PM
- These doctored videos want to make you think Nancy Pelosi is always drunk Today 4:02 PM
- A robot could soon be delivering your packages from a self-driving car Today 3:29 PM
- Bipartisan anti-robocall bill overwhelmingly passes Senate Today 2:40 PM
- Deepfake-style videos can now be made with just a single image Today 1:57 PM
- The Lonely Island’s ‘Bash Brothers’ is what Netflix should be doing with short-form comedy Today 1:55 PM
- ‘Green dress lady’ proves green screen memes are still going strong Today 1:45 PM
- ‘Bowling alley strike screen’ memes are bizarre and wonderful Today 12:40 PM
- TikTok star Mohit Mor shot and killed Today 12:00 PM
- Stephen A. Smith is baby Today 11:43 AM
- Tfue releases statement on FaZe Clan lawsuit, says his contract is ‘f*cked’ Today 11:34 AM
- People are using an app to out gropers on Japan’s subway Today 11:24 AM
Thousands of login credentials were exposed.
A hacker appears to have successfully broken into the servers of Securus, a company that offers powerful tool for tracking civilians and monitoring inmates to law enforcement departments across the country.
During the breach, the hacker was able to access the login information of thousands of Securus’ clients and provided part of the stolen data to Motherboard, where journalists were able to verify the authenticity of credentials using the site’s password recovery option.
One spreadsheet pulled from the database holds the usernames, email addresses, cryptographically stored passwords, and security information of more than 2,800 accounts. Some of the passwords appeared to have been cracked and it was unclear if they had been stored insecurely in this way on the Securus system.
Government departments and law enforcement authorities from different cities and counties were affected by the hack, which also revealed login information for users with roles such as “prison captain” and “deputy warden.”
“The PII [personally identifying information] exposure in the (still) public user guide raises on question: does Securus have the culture and the procedures in place to protect sensitive PII? The answer appears to be no,” Professor Thomas Rid of Johns Hopkins University told Motherboard.
News of the breach comes just one week after the New York Times profiled the Dallas-based firm and how it sources its data from a range of major telecommunications providers, utilizing a loophole in privacy law to offer warrantless location tracking of mobile devices.
The hacker told Motherboard that the hack was not difficult and that Securus’ security was poor, which alarmed Sen. Ron Wyden (D-Ore.) given the nature of the firm’s business.
“If this account is true, it demonstrates, yet again, that Securus is failing cybersecurity 101, in total disregard for the privacy of the Americans whose communications and private data it should be protecting,” he said, criticizing the offer of warrantless tracking as both “abusive and potentially unlawful.”
Securus did not respond to requests for comment.
David Gilmour is a reporter who specializes in national politics, internet culture, and technology. He previously covered civil liberties, crime, and politics for Vice.