A dad-of-three says the FBI raided his family home at dawn this week – after he found and reported a password-less FTP server containing people's dental records.
In February, Justin Shafer, a 36-year-old dental computer technician and security researcher, discovered and reported a hardcoded password in the Eaglesoft record management software that cannot be changed without breaking the application.
In the course of his research, he said he stumbled across an unprotected FTP server belonging to the software's developer Patterson Dental that contained confidential, unencrypted patient records. Shafer reported that too, because the information was just lying on the internet for anyone to find, he said.
Then on Tuesday this week, according to Shafer, a dozen or so agents rocked up at his home in Texas with a search warrant, and left with his computers, phone and gadgets. He was accused of breaking the Computer Fraud and Abuse Act, because Patterson Dental claims Shafer accessed their systems without authorization.
He says he has not been arrested nor charged. ®