- Joined
- Aug 20, 2006
- Messages
- 13,000
The Kromtech Security Center has found over half a million records belonging to SVR, a company that specializes in vehicle tracking, publicly available online: everywhere a car has been in the past 120 days is accessible for those who have the right login credentials for SVR’s app, which is downloadable for desktops, laptops, and almost any mobile device.
Researchers discovered a misconfigured Amazon AWS S3 bucket that was left publicly available. The breach has exposed information about their customers and re-seller network and also the physical device that is attached to the cars. The repository contained over a half of a million records with logins / passwords, emails, VIN (vehicle identification number), IMEI numbers of GPS devices and other data that is collected on their devices, customers and auto dealerships. Interestingly, exposed database also contained information where exactly in the car the tracking unit was hidden.
Researchers discovered a misconfigured Amazon AWS S3 bucket that was left publicly available. The breach has exposed information about their customers and re-seller network and also the physical device that is attached to the cars. The repository contained over a half of a million records with logins / passwords, emails, VIN (vehicle identification number), IMEI numbers of GPS devices and other data that is collected on their devices, customers and auto dealerships. Interestingly, exposed database also contained information where exactly in the car the tracking unit was hidden.