Idaho Department of Correction officials announced Thursday that, presumably much to their chagrin, hundreds of inmates had successfully hacked their apparently vulnerability-laden system to boost their JPay accounts.
JPay spokesperson Jade Trombetta hitABC News with a statement claiming they were "proud" to give inmates access to their money transfer, education, and entertainment services. "While the vast majority of individuals use our secure technology appropriately, we are continually working to improve our products to prevent any attempts at misuse," Trombetta, in reference to the apparent hack, said Thursday.
All told, just shy of $225,000 was spread across 364 inmates' JPay accounts via "intentional, not accidental" actions. The largest credit obtained by a sole inmate was nearly $10,000. Approximately 50 inmates had credit boosts exceeding $1,000. According to CenturyLink, which provides tablets to inmates in multiple prisons in partnership with JPay, the account boosts were made possible via the exploitation of a "software vulnerability." The security issue, which hasn't been detailed further, has supposedly since been fixed.
The hack was first spotted earlier this month by the Idaho Department of Correction's special investigations division and is said to have involved exactly $0.00 in taxpayer bucks. In response to the hack, ABC reports that some of the involved inmates could potentially be reclassified to a higher security risk level of detainment. Thus far, JPay and CenturyLink have recovered just over $65,000 in hacked credits. Involved inmates still have JPay-enabled access to emails but have since been blocked from downloading games and music.
