Hacktivist breaches private security app Citizen
Hacker leaks data from app detailing 1.7 million public safety incidents
A hacker has posted 1.7 million records owned by private security app Citizen on the dark web.
The hacktivist, who identified themselves as a member of the loosely coupled Anonymous collective, scraped data en masse from Citizen-owned systems. Citizen collects and publishes information about crimes happening in real time.
The data set included logs of police activity in different cities and the metadata from videos uploaded to the app. It also included links to 1.5 million videos stored on the company's servers, representing 70TB of footage, reported Motherboard.
Launched in 2016, Citizen began as Vigilante, an app that harvested emergency radio calls and documented where crime was happening in real time. Apple initially pulled it from the app store for allegedly encouraging vigilante activity, but it relaunched the following year. It now includes the ability for users to live stream incidents and report emerging crime events themselves.
The hacker, who posted the data on a dark website titled The Concerned Citizen's Citizen Hack, scraped it by analyzing how the website stores videos and finding the original files on an AWS S3 bucket. They used the same API as Citizen's app to retrieve the ID of the crime incident linked to the video file and downloaded the incident data in bulk. The videos in the S3 bucket reportedly included some that had been tagged for removal by moderators but were still accessible via a direct link.
Citizen responded that all the scraped information was already publicly available on the company's website.
The hacker's dark website also includes contact tracking data from Citizen, which operates its own COVID-19 contact tracking app called SafePass. In a major privacy stumble, the company reportedly exposed tracking data to the public by mistake, including self-reported symptoms and test results linked to users' Citizen usernames.
This month, Citizen was in the news after a live stream from the app with over a million views sparked a manhunt in California. The app showed the name and photo of a man believed to have started a wildfire, but he turned out to be innocent. In May, Motherboard discovered the company had been testing the idea of a private security force after vehicles branded with the Citizen logo were photographed in Los Angeles.