Prison communication app exposes database with millions of records

Most of us worry about our data getting leaked as individuals not behind bars. Turns out, prison inmates also need to be on the lookout.

In the latest, Comparitech has revealed a new report detailing how a company named Telmate running a service that is used by prisoners for communicating with the outside world has leaked a database containing their data.

This data involves private messages; call logs including the call duration & time; account balances; personal information of both the sender and recipient such as:

Full names
DOBs
Gender
Email addresses
Physical addresses
Text messages
IP addresses and much more with the number of records amounting in millions.

As atypical, the database was exposed without a password in a bid to be consistent with bad security practices. Screenshot shared by Comparitech shows the structure of leaked data:

The good thing though is that when the researcher contacted its parent company named Global Tel Link on 13th August, they got a response within a quick 2 hours with the database being secure in a mere 1.

This was indeed fast reflecting a good approach from the company. However, concerns remain as to if someone else got access to the database during the period in which it was exposed. If yes, this could turn out to be both mildly and very dangerous as enemies of the prisoners could use their data to blackmail their loved ones outside and in further harming the inmate as well.

In a blog post, Comparitech’s Paul Bischoff addressed the dangers of this data leak to inmates and their families, stating that:

The exposed data could endanger inmates, their friends, and their families if it ends up in the wrong hands. A person could be at risk of retaliation for their incarcerated family member’s crime or some other transgression. […] Inmates and their contacts could also be at risk of targeted fraud and phishing using the emails and phone numbers contained in the database.

To conclude, as it is well known, an exposed database gets picked up by attackers usually within a few hours. Telmate is extremely fortunate that they were quickly alerted and therefore could take the appropriate action.

See: Man hacks prison computers & alters records for pal’s early release

In the future, it would help if they revise their internal security protocols in order to prevent such incidents again.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.