Earlier this week, Zack Whittaker reported:
The website for ODIN Intelligence, a company that provides technology and tools for law enforcement and police departments, was defaced on Sunday.
The apparent hack comes days after Wired reported that an app developed by the company, SweepWizard, which allows police to manage and coordinate multi-agency raids, had a significant security vulnerability that exposed personal information of police suspects and sensitive details of upcoming police operations to the open web.
Read more at TechCrunch, and then read ODIN’s notification about the claims, keeping in mind Emma Best’s comments to TechCrunch that DDoSecrets has the data that was allegedly hacked and is processing it.
So what does Odin have to say for itself in its January 17 notification, which is embedded below this post? It seems to be treating this all as two unrelated incidents or claims:
23-01-17 - ODIN Intelligence - Data Security Breach Notice LetterWHAT HAPPENED?
Between January 5, 2023 – January 10, 2023, An individual claiming to write for Wired magazine sent an email recently alleging to have received information about a potential security vulnerability in SweepWizard, a product possibly used by your Agency. The individual claimed that the software had a vulnerability, which we were unable to reproduce. However, out of an abundance of caution, we immediately took our servers offline to prevent any further breach.On January 10, 2023, this individual contacted us again, this time claiming to have gained unauthorized access to the SweepWizard app retrieving confidential law enforcement data.
On or about January 14, 2023, in a separate incident, a hacker group claimed to have hacked ODIN Intelligence, Inc. computer systems, and aquired (sic) 16 gigabytes of data. This incident is still being investigated.