A group of 364 prison inmates housed in a series of Idaho correction facilities stole a total of $ 225,000 in digital credits by exploiting a vulnerability in tablets owned by a company called JPay Associated Press . JPay is a private company that offers prisoners digital services such as e-mail, music, games and money transfer.
JPay provides inmates with access to the outside world, and prisons often use their services to help with rehabilitation and education. It does not seem to use tax dollars to fund any of its services, nor any of its revenues from digital sales usually go to the state. Instead, JPay will either have family members or friends of inmates buy the tablet for them, or it will pay the bill for the device itself, as it did for 53,000 inmates in the New York Prison system earlier this year.
The company appears to generate revenue by charging inmates, for example, for e-mail usage and digital media downloads, using a credit system. "If you use one of these tablets, your loved ones can pass the time, keep in touch, and stay in touch with you," says the company's product page for the JP5 tablet.
By "deliberately exploiting a vulnerability within JPay to unduly increase their JPay account balances," hundreds of inmates were credited with their own accounts, Jeff Ray, spokesman for the Correctional Department, said in a statement.
It is not immediately clear what the vulnerability was or how so many different inmates could exploit it, though presumably there was some sort of secret communication about the hack that was passed between detainees in various institutions. JPay has recovered the $ 65,000 credits and suspended the inmates' ability to use these credits to download music and mobile games until the company was compensated for their losses. Inmates may continue to use e-mails, according to the report.
According to AP most inmates gave $ 1,000 in loans, while the largest amount was worth nearly $ 10,000. "This behavior was intentional, not accidental, and required knowledge of the JPay system and several actions by each inmate who exploited the system's vulnerability to mis-credit their account," Ray added.