Israeli firm Cellebrite, the popular company that provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had 900 GB of its data stolen by an unknown hacker.
Meanwhile, Cellebrite also admitted that it recently experienced “unauthorized access to an external web server,” and said that it is “conducting an investigation to determine the extent of the breach. The impacted server included a legacy database backup of my.Cellebrite, the company’s end user license management system.”
The 900 GB of stolen archive also includes login data (usernames and passwords) of Cellebrite customers, which suggests that it has been taken from the web servers related to Cellebrite’s site.
On the other hand, the hacker did not clearly state the actual extent of what he/she had done to Cellebrite’s systems.
“I can’t say too much about what has been done,” the hacker told Motherboard. “It’s one thing to slap them, it’s a very different thing to take pictures of [their] balls hanging out.”
Cellebrite is known for its powerful hacking tool Universal Forensic Extraction Device (UFED) that help investigators bypass the security mechanisms of mobile phones, especially iPhones, and extract all data, including SMS messages, emails, call logs and passwords from them.
Just a few months back, Cellebrite’s most sensitive in-house capabilities were made public by one of its products’ resellers, who distributed copies of Cellebrite’s firmware and software for anyone to download.