Israeli security company Cellebrite has suffered a data breach of its website, and as much as 900GB of information has been stolen.
Cellebrite admitted to the breach in a statement on its website which says: “The impacted server included a legacy database backup of my.Cellebrite, the company's end-user licence management system.”
According to news website Motherboard, up to 900GB of information was taken by the hackers, their; report allegedly led to Cellebrite's confession yesterday.
Given Cellebrite's specialty in mobile forensics, such a database of customer information could prove highly lucrative.
However, the firm said the database is an old one – it claims to have migrated to a new system. Despite this, it warned that contact information for people who were registered to receive notifications from the company had been accessed.
The Petach Tikvah-based firm, which is a subsidiary of the Japanese Sun Corporation, is conducting an investigation to determine the extent of the breach and said it was working with the authorities to try to track down the hackers. All customers have been advised to change their passwords.
The company assured customers: "Cellebrite actively maintains an ongoing information security programme and is committed to safeguarding sensitive customer information using best-in-class security countermeasures; once the investigation of this attack is complete, the company will take any appropriate steps necessary to harden its security posture to mitigate the risk of future breaches."
Cellebrite's expertise in mobile forensics is the reason the FBI allegedly approached it and asked for its help in cracking the iPhone 5c of San Bernardino shooter Syed Farook. At the time, the FBI claimed it contained crucial evidence for its investigation.
The phone was eventually broken into, but neither the FBI nor Cellebrite confirmed who carried out the hack. The FBI allegedly paid US$ 1 million for the hack of the iPhone.