Cellebrite, a firm hired by military groups and government to harvest data from mobile devices, has been hacked. The Israeli company confirmed on Thursday that it “recently experienced unauthorized access to an external web server.”

According to Motherboard, it has obtained 900 GB of data related to the company, including customer information, databases, and a vast amount of technical data regarding Cellebrite’s products.

The mobile hacking firm confirmed that data was stolen in its statement:

“The impacted server included a legacy database backup of my.Cellebrite, the company’s end user license management system. The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system.”

Cellebrite said it is investigating, and once the investigation of the attack is complete, the company will take any appropriate steps necessary to harden its security posture to mitigate the risk of future breaches.