Securus is a phone tracking company that helps cops track any phone that is within the US. Quite recently, the company was under a major attack when a hacker successfully entered the system.
According to Motherboard, the hacker may have at least 2,800 login credentials in his possession. It is believed that these credentials were poorly protected and were very easy to crack.
This company can track phones from a number of mobile brands such as Verizon, AT&T, Sprint etc. US law enforcement was using the service to track calls that were being made to prison inmates.
On many occasions, Securus has helped track missing persons by pinpointing their location of their phones and for many this hack comes as a major shock.
How Were The Credentials Weakly Protected?
Investigation revealed that the passwords were hashed and MD5 algorithm was used for protection. MD5 is an old method and was labelled weak for protection. Microsoft had gotten rid of this protection years ago.
The fact that MD5 was used to hash passwords was the reason that this many passwords were hacked.
Motherboard also stated that they received plain text passwords from the data. It is yet to be confirmed if these were cracked by the hacker or stored by the company in this state.
Bottomline
The hacker’s motive is not clear yet, but it looks like he or she might put the data that they got by hacking the phone tracking company for sale. It is important that such companies tighten their security and implement reliable and strong methods of hashing passwords because people’s privacy is on the line here.
Let us know your thoughts below.