A little-known policing tool credited with helping more than 60 law enforcement units conduct multi-agency raids may have exposed confidential data
These details can be seen on the open internet and include information about raids, suspects who have not yet been found guilty of a crime, and, in some cases, the cops themselves.
The Data Exposure Has Been Caused By An API Flaw
ODIN Intelligence's SweepWizard program may have exposed personally identifying data on thousands of suspects and hundreds of cops, according to Gizmodo.
These specifics consist of the time of the raids, the addresses of the suspects' homes, their demographic information, and, in some circumstances, their Social Security numbers.
While the validity of the report has not been confirmed yet, that information, along with others, may be utilized to alert suspects to prospective raids.
According to the investigation, SweepWizard may have revealed the whereabouts and identities of 5,770 suspects.
Around 1,000 of those individuals apparently had social security numbers contained in their files, along with the names, contact information, and email addresses.
This data was gathered from hundreds of officers, as well as information about about 200 operations that were also connected to the crime.
According to Wired, data on the app was accessible as recently as December 2022 and as far back as 2011.
All of that exposure was made possible through a bug in the app's API that allowed users to access supposedly confidential information on the app from a web browser without logging in.
Read More: The Guardian Confirms Ransomware Attack That Compromised Employees' Personal Data
ODIN Intelligence Is Currently Investigating The Incident
Users may no longer use SweepWizard's website or app from the Apple App Store after ODIN Intelligence did not immediately reply to a request for comment.
On its website, ODIN Intelligence states that it collaborates with a number of organizations dedicated to law enforcement.
This includes the National Sheriff's Association, the International Association of Chiefs of Police, and the American Correctional Association.
According to ODIN Intelligence Inc. CEO Erik McCauley, the company takes security very seriously and has looked into these allegations in great detail.
McCauley asserts that the business has not yet been able to duplicate the purported security breach to any ODIN system, Wired reports.
He assured that SweepWizard will take the necessary action if there is any proof that ODIN or SweepWizard security has been compromised.
Now that it has been established that several law enforcement agencies used SweepWizard's free trials in the past, they all report that their use of the software is being looked into.
The Los Angeles Police Department, which purportedly utilized the software in Operation Protect the Innocent, a major sex offender operation last year, has since ceased its usage of SweepWizard while an inquiry is still ongoing.
The compromise SweepWizard revelation emphasizes the dangers of a growing trend in law enforcement, which is contracting out policing work to small, private businesses.
Authorities have demonstrated a readiness to gather location and other personal data for a fee, from local police to the FBI and Department of Homeland Security, a practice some privacy activists see as a legal loophole.
Related Article: Data Of 200 Million Twitter Users Has Not Been Leaked, Twitter Says