• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • March 9th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Hacking News
Leaks

Over Half a Million Vehicle Records from SVR Tracking Leaked Online

September 23rd, 2017 Waqas Security, Leaks 0 comments
Over Half a Million Vehicle Records from SVR Tracking Leaked Online
Share on FacebookShare on Twitter

Over Half a Million Vehicle Records from SVR Tracking Leaked Online – Thanks to Amazon Web Services Bucket.

SVR Tracking, a renowned vehicle tracker devices manufacturer, has become the latest victim of data exposure. According to Kromtech Security Centre’s research, login data of more than half a million records of SVR Tracking was leaked online making the personal and vehicle-related information of organizations using the devices and drivers potentially vulnerable.

According to Bob Diachenko from Kromtech: “The overall number of devices could be much larger given the fact that many of the resellers or clients had large numbers of devices for tracking. In the age where crime and technology go hand in hand, imagine the potential danger if cybercriminals could find out where a car is by logging in with the credentials that were publicly available online and steal that car?”

The data was available in publicly accessible Amazon Web Services S3 bucket where nearly 540,642 SVR accounts’ information is present. The data included email addresses, passwords, license plates and VIN/vehicle identification numbers.

Over Half a Million Vehicle Records from SVR Tracking Leaked Online

Leaked data screenshot (Credit: Kromtech)

Kromtech claims that although the available data is of roughly half a million vehicles, there are cases where multiple vehicles are linked with a single record. Currently, the duration for which data remained exposed is not confirmed, but SVR Tracking immediately resolved the issue as soon as it was notified.

SVR’s data leak has also exposed 339 logs, containing a large number of vehicle records such as maintenance records, GPS service data, vehicle pictures and some important documents detailing contract information with 427 car dealerships, which use services of SVR Tracking. The data was stored in a backup folder titled “accounts,” and this folder contained the 540,642 records.

Over Half a Million Vehicle Records from SVR Tracking Leaked Online

SVR screenshot

The issue is related to a misconfigured AWS S3 bucket. Reportedly, the bucket was not configured appropriately, which is why it was publicly accessible for a certain, unidentified timespan. This was when the data breach occurred. The cache was firstly discovered on 18th September while the AWS bucket was closed when Kromtech informed SVR on 20th September.

SVR Tracking is known for providing expert, reliable Vehicle Recovery solutions through 24/7 surveillance devices installed in automobiles. The basic objective of these devices is to prevent the vehicle from being stolen or towed.

To ensure 24/7 monitoring, the device has to provide live updates of the location of the vehicle, which is a continuous process that is conducted at every two minutes interval when the vehicle is mobile and after every four hours when it is immobile. Vehicle owners can access data of the past 120 days. It must be noted that the device is installed at a secret location inside the vehicle; therefore, any unauthorized individual cannot notice it.

As we mentioned that the vehicle owner can access location of the car in the past 120 days but it relies upon having access to accurate login credentials for the SVR app. The app is compatible with desktops, laptops and all mobile devices. The SVR passwords are hashed with other random data but the problem is that the protection level, which is SHA-1, is quite weak. This means it is very easy for a hacker to crack SVR passwords.

Kromtech researchers have been quite active these days. Previously, the security firm discovered database of 3 million WWE fans. In last one week, Kromtech discovered two high-profile databases publicly available databases including Alaska voters and Viacom database.

[fullsquaread][/fullsquaread]

[Kromtech]

  • Tags
  • Amazon
  • AWS
  • Data
  • database
  • internet
  • LEAKS
  • Privacy
  • security
  • Technology
  • Vehicle
Facebook Twitter LinkedIn Pinterest
Previous article New ransomware scam asks for nude pics to unlock files
Next article TV broadcasts in California interrupted to show "end of the world" alert
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
European Banking Authority victim in Microsoft Exchange Server hack

European Banking Authority victim in Microsoft Exchange Server hack

FluBot Android malware mimics FedEx, Chrome apps to steal user data

FluBot Android malware mimics FedEx, Chrome apps to steal user data

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
European Banking Authority victim in Microsoft Exchange Server hack
Hacking News

European Banking Authority victim in Microsoft Exchange Server hack

FluBot Android malware mimics FedEx, Chrome apps to steal user data
Android

FluBot Android malware mimics FedEx, Chrome apps to steal user data

John McAfee Charged with Fraud in Cryptocurrency Scam
Cyber Crime

John McAfee Charged with Fraud in Cryptocurrency Scam

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us