Remember meForgot password?
    Log in with Twitter

article imageData from 540 thousand vehicle tracking devices leaked online

By Karen Graham     Sep 23, 2017 in Technology
Another breach has endangered the security of online data not meant for public consumption. This time, the leak involved the login data of more than half a million records tied to vehicle tracking device company SVR Tracking.
Kromtech Security Center was first to discover the wide-open, public-accessible data, potentially exposing the personal and vehicle information of drivers and businesses using SVR Tracking, reports Forbes..
Kromtech's chief of communications Bob Diachenko blamed the problem on a misconfigured Amazon Web Server (AWS) S3 cloud storage bucket containing a cache belonging to SVR that was left unsecured for an unknown period of time.
Stolen Vehicle Records (SVR Tracking) allows customers to track their vehicles in real-time using discretely placed GPS beacons so they can monitor and recover them in case their vehicles are stolen.
Details in the over 540,000 accounts included email addresses and passwords, as well as users' vehicle data, like VIN (vehicle identification number), and IMEI numbers of GPS devices. One thing Kromtech found that was particularly disturbing was that one particular tracking device was installed by more than 400 automotive dealerships, and data about them was also left out in the open.
All the data found was left in a backup folder called "accounts," Quite a number of the entries had multiple vehicles, and according to Kromtech, the actual total of the tracking devices could be much higher "given the fact that many of the resellers or clients had large numbers of devices for tracking."
Misconfigured S3 cloud storage problems not new
The Hacker News relates that just a couple days ago, Viacom was found exposing the keys to its kingdom on an unsecured Amazon S3 server. Researchers working for California-based cyber resiliency firm UpGuard discovered a wide-open, public-facing misconfigured Amazon Web Server S3 cloud storage bucket containing almost a gigabyte's worth of credentials and configuration files for the backend of dozens of Viacom properties.
The data found by UpGuard researcher Chris Vickery was enough information for hackers to take down Viacom's internal IT infrastructure and Internet presence, allowing them to access cloud servers belonging to MTV, Paramount Pictures and Nickelodeon.
This is not the first time Vickery has discovered vital information left unprotected on an AWS S3 server. Vickery has previously tracked down many exposed datasets on the Internet, including personal details of over 14 million Verizon customers, a cache of 60,000 documents from a US military site, information on over 191 million voters from a Republican contractor, and 13 Million MacKeeper users.
More about cyber breach, SVR Tracking service, Amazon S3 Server, misconfigured cloud server, GPS beacons
More news from