Over 500,000 car tracking devices’ passwords accidentally leaked due to misconfigured cloud server
In another time case of an accidental data leak, login credentials of over 500,000 car tracking devices were freely exposed due to a misconfigured cloud server. The data came from SVR Tracking, which is a firm that claims to specialize in “vehicle recovery.”
allows SVR its clients to pursue their vehicles around the timer so they can control and recover them in case their vehicle has been stolen. The firm attaches a tracking device to a vehicle in a discreet place, so if the vehicle is stolen, an untold driver would have no knowledge of it denoting monitored.
researchers at Kromtech Security, who saw the violation, the data exposed included SVR users’ account credentials, such as emails and passwords. Users’ vehicle data, including VIN numbers and license plates, were also easily imperiled. The data was imperiled via an insecure Amazon S3 bucket.
Each repository restrained over a half of a million records with logins/passwords, emails, VIN (vehicle identification number), IMEI numbers of GPS devices and additional data that is settled on their plans, clients and auto dealerships. Interestingly, the exposed database also comprised notice wherever correctly in the car the tracking unit was ducked,” Kromtech researcher Bob Diachenko said in a blog.
SVR’s car tracking method monitors control a vehicle has been for the past 120 days, which can be openly obtained by anyone who has entree to users’ login credentials.
The unstable Amazon S3 pot has been secured after Kromtech reached out to SVR and informed them around the violation. It still continues unclear as to how long the data rested freely displayed. It is also debatable whether the data was mayhap accessed by hackers.
“In the age where corruption and technology go hand in hand, assume the possible threat if cybercriminals could find out where a car is by logging in with the credentials that were publically possible online and keep that car? The overall number of devices could be much bigger given the fact that many of the resellers or customers had large numbers of devices for tracking,” Diachenko said.