364 inmates from five Idaho prisons exploited a vulnerability in their prison-issued tablets to issue themselves nearly $225,000 worth of digital credits to their accounts. They were able to crack and leverage a software vulnerability on their JPay tablets to increase their balances. The transferred credits were then used to buy music, ebooks and games.
The Idaho Department of Correction (DOC) discovered the hack earlier this month. They emphasized though that no real money was stolen and that the credits did not involve taxpayer dollars.
For a few years now, tablets are allowed at low-security level prisons across the United States. This gives the inmates the privilege to email their families, access educational materials, read news, and even purchase music and simple computer games. They’ve been offered through a contract between JPay and CenturyLink.
Prison officials have already reprimanded the inmates involved in the hacking. They have been charged with a disciplinary offense and lost various privileges. They may also be reclassified to a higher security risk level.
According to the DOC, JPay has managed to recover $65,000 worth of digital credits from the 364 inmate accounts. It has also blocked the inmates involved from being able to download music and games until the company is compensated for their losses.