russian hacking
The possible links of the hackers to Russia can be worrying at a time when the investigation into Moscow’s meddling into the presidential elections is deepening. A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin, May 21, 2013. REUTERS/PAWEL KOPCZYNSKI

Cellebrite, the Israeli company that shot into the limelight after it successfully broke into the iPhone belonging to one of the San Bernardino terrorists, is in the news again. This time, the company itself was a target of hacking, and about 900GB of data was stolen from its servers.

The manufacturer of data extraction and analysis devices issued a statement on its website Thursday, in which it said: “Cellebrite recently experienced unauthorized access to an external web server. The company is conducting an investigation to determine the extent of the breach. The impacted server included a legacy database backup of my.Cellebrite, the company’s end user license management system. The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system.”

It also advised account holders to change their passwords as a precautionary measure, and added it would “take any appropriate steps necessary” to reduce the risk of hacks in the future, once its current investigation is over.

The purported hacker responsible for the attack has allegedly given a copy of the stolen data to Vice’s Motherboard, which reported it “includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products.” The hacker also told the website that access to Cellebrite’s systems had been traded among select hackers in IRC chat rooms.

“To be honest, had it not been for the recent stance taken by Western governments no one would have known but us,” the hacker told Motherboard.

Unlike similar hacks in the past, however, the hacker did not post all the Cellebrite data online for the public to access and download. It was also not clear what the whole extent of the breach in the company’s systems was.

“I can't say too much about what has been done. It's one thing to slap them, it's a very different thing to take pictures of [their] balls hanging out,” the hacker said.

According to the data stolen by the hacker, it seems Cellebrite works with numerous governments around the world, including the United States, Russia, the United Arab Emirates and Turkey.

Cellebrite had been contracted by the FBI to hack the iPhone of one of the San Bernardino terrorists after Apple refused to build a backdoor into their devices. The Israeli firm is a subsidiary of Japan’s Sun Corporation.