An Israeli mobile forensics firm known for helping police and governments break into and extract data from locked smartphones has itself been hacked.
In a Thursday statement, Cellebrite confirmed it recently experienced “unauthorized access to an external web server,” tacitly verifying a report from Motherboard that 900 GB of data from the company’s servers had been compromised and handed over to the news site.
According to Cellebrite, hackers accessed a legacy database backup of my.Cellebrite, the company’s end user license management system. Though the breached data included the basic contact information of users registered for alerts or notifications and hashed passwords for users who hadn’t yet migrated to the company’s new user accounts system, Cellebrite said it doesn’t believe the incident represents any danger to its customers.
“To date, the company is not aware of any specific increased risk to customers as a result of this incident; however, my.Cellebrite account holders are advised to change their passwords as a precaution,” the company’s statement read.
But while it may not necessarily harm Cellebrite’s clients, the hack has revealed the company might have worked alongside a number of regimes accused of human rights violations.
A subsequent report from Motherboard indicated compromised data included a customer support ticket from Turkey’s national police force as well as messages from various government officials in the United Arab Emirates, Bahrain, and Russia.
The company is also already known to do business with U.S. law enforcement as well.
Early last year, Cellebrite was thrust into the U.S. spotlight when rumors began circulating that it was involved in helping the FBI crack an iPhone used by one of the San Bernardino, Calif., shooters. Though a contract between Cellebrite and the FBI from 2013 was uncovered, the company declined to confirm its involvement in the 2016 case.