Securus Technologies—the company that provides a geolocation service used for cell phone tracking by law enforcement agencies—has been hacked, exposing the usernames and weakly protected passwords of thousands of customers. The person claiming to be responsible for the breach provided some of the data to Motherboard’s Joseph Cox, along with an explanation of how it was obtained. Securus has not confirmed the breach.
Securus, which offers phone services for prisons, began offering location-based tracking to help prisons track where inmates’ calls were actually going to. This allowed prisons to “geofence” areas “associated with illegal activity,” as a redacted Securus brochure posted online by the Electronic Frontier Foundation shows. But that same service can be used to show the location of mobile phones on a map. The service, called GeoLoc, “provides the approximate location of the cellular device being called at both the beginning and the end of the call,” the Securus marketing material states.
But the data Securus uses for GeoLoc can also be used for other purposes—including tracking the location of virtually any cell phone. A Web-based application from Securus, called Securus Call Platform, allows law enforcement officers to log in from a browser and run searches for mobile devices without requiring an outbound call.