Law enforcement recently hacked into Ghost, an encrypted communications platform authorities allege was used by serious organized criminals, and gained access to user messages. Now, independently of that, a security researcher has found multiple glaring issues with Ghost’s infrastructure, including ones that allowed him to pull a large list of Ghost usernames and customer support messages from a publicly exposed Ghost server, according to a copy of the researcher’s findings and multiple screenshots shared with 404 Media.
The news shows how, as organized criminals move to making their own, smaller encrypted phone networks, those systems could be vulnerable to outside hackers or law enforcement.
When Ghost started to rely “on their own code, not that of an enterprise company, that’s when you see what an absolute mess it was,” Jamieson O’Reilly, founder and offensive security lead of cybersecurity company Dvuln, told 404 Media in an online chat.