"While P3 says that the communications on the system are encrypted, however the data was allegedly retrieved in plaintext. P3 also claims that the tip collection and messaging process is anonymous, however the data indicates that administrators are secretly given the ability to de-anonymize users."
"People reported on cartel trafficking and sexual assault through this platform because they were promised anonymity, and P3 was storing their information with unencrypted passwords while quietly letting clients request tipster IP addresses."
Internet Yiff Machine, a hacker group, claimed responsibility for breaching P3 Global Intel, a tip intelligence platform owned by Navigate360. The breach exposed more than 8 million confidential tips in 93 gigabytes of data. Navigate360 is investigating the incident. DDoSecrets, a transparency website, revealed contradictions in P3's security claims: while P3 stated communications were encrypted, the leaked data was retrieved in plaintext. Additionally, P3 claimed the tip process was anonymous, but the data showed administrators possessed secret de-anonymization capabilities. Navigate360 serves federal agencies, military, law enforcement, and schools. The hackers identified P3 clients including ICE, U.S. Air Force, U.S. Secret Service, and Department of Justice.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]