Securus Technologies, Assisting Authorities Track Prisoners’ Phone-Calls, Victim of Hack

Motherboard reports that Securus Technologies Inc., an organization, which provides services to U.S. prisons seeking to trace down phone-calls to inmates and monitor them, is now itself a victim of hack.

Nothing is clear about the time of the hack, although according to the report, clues suggest that 2,800-or-more logins as well as insufficiently encrypted passwords of clients have been stolen from an Excel file, with a few by now deciphered as well as tested for veracity.

When carrying out the hack, the attacker managed in reaching the login credentials belonging to innumerable Securus customers while handed over the filched information, in part, to Motherboard that then validated the credentials' veracity with aid of the website's option for password recovery.

An Excel file extracted from the information record contains usernames, passwords stored cryptographically, e-mail ids along with security information associated with over 2,800 accounts. The hackers apparently cracked a few passwords and it wasn't clear whether they'd been saved so unsafely on Securus' computer. Dailydot.com posted this online dated May 16, 2018.

By utilizing forgotten password option on Securus' website, Motherboard was able to substantiate the data. If any improper e-mail address was typed, the website displayed a message of error. However, if it was typed with an e-mail address and username that were listed inside the breached database, the website continued for password reset, substantiating the storage of those credentials in Securus' computers. Each credential pair that Motherboard tried turned out successful. Telling Motherboard about the breach, the hacker said it wasn't difficult because Securus had weak security.

On May 10, The New York Times reported about Securus Technologies that does a monitoring exercise of phone-calls to prisoners in USA agreed to provide its service to an ex-Missouri sheriff for doing a watch over people's phones as also tracing of their locations. Sen. Ron Wyden (D-Ore) therefore has asked for a federal investigation into the company as well as its practices since the issue was about people's privacy.

Worryingly, it means any con actor can utilize these logins for discovering the phones' locations once the company tracks those phones.

» SPAMfighter News - 5/25/2018