Prison video visitation systems are sometimes the only way family and lawyers can talk to inmates, particularly during the COVID-19 pandemic, but the security of those systems recently suffered a major lapse. Researcher Bob Diachenko told TechCrunch that video visitation provider HomeWAV left a database dashboard publicly accessible without a password since April, exposing “thousands” of calls between inmates and their attorneys. Anyone could read call logs and transcripts.
HomeWAV shut down the dashboard shortly after TC reported the issue. Company chief John Best confirmed the incident and said that a third-party vendor inadvertently removed the password restriction that kept the server private. He also promised to notify inmates, their families and lawyers.