Slashdot Mirror

← Back to Stories (view on slashdot.org)

Passwords For 540,000 Car Tracking Devices Leaked Online (thehackernews.com)

Posted by BeauHD on from the public-domain dept.

An anonymous reader quotes a report from The Hacker News: Login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal data and vehicle details of drivers and businesses using its service. Just two days ago, Viacom was found exposing the keys to its kingdom on an unsecured Amazon S3 server, and this data breach is yet another example of storing sensitive data on a misconfigured cloud server. The Kromtech Security Center was first to discover a wide-open, public-facing misconfigured Amazon Web Server (AWS) S3 cloud storage bucket containing a cache belonging to SVR that was left publicly accessible for an unknown period. Stands for Stolen Vehicle Records, the SVR Tracking service allows its customers to track their vehicles in real time by attaching a physical tracking device to vehicles in a discreet location, so their customers can monitor and recover them in case their vehicles are stolen. The leaked cache contained details of roughly 540,000 SVR accounts, including email addresses and passwords, as well as users' vehicle data, like VIN (vehicle identification number), IMEI numbers of GPS devices. The leaked database also exposed 339 logs that contained photographs and data about vehicle status and maintenance records, along with a document with information on the 427 dealerships that use SVR's tracking services.

11 of 33 comments (clear)

  1. Save face by fluffernutter · · Score: 1

    Maybe they should have facial recognition scanners!

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  2. How are we defining 'Data breach'? by Hylandr · · Score: 1

    exposing the keys to its kingdom on an unsecured Amazon S3 server, and this data breach

    I wouldn't quite call that a 'data breach'

    --
    ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
    1. Re:How are we defining 'Data breach'? by alexandre · · Score: 1

      indeed, it's a data buffet :D

    2. Re:How are we defining 'Data breach'? by HornWumpus · · Score: 2

      Geolocation records from half a million cars from 'buy here, pay here' lots.

      You could analyze this data and find every drug house in the nation. The spots where lots of scumbags frequently stop for short times, exclude retail locations and you're left with 'informal retail locations'.

      But it's not like the cops don't already know where most are. They can pick up a few bucks from the spots they weren't already extorting.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    3. Re:How are we defining 'Data breach'? by Hylandr · · Score: 1

      I have purchased vehicles from Buy here Pay here places. I ran a wrecker company for a year that serviced these places also. There's more up and up sales than you realize.

      --
      ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
    4. Re:How are we defining 'Data breach'? by HornWumpus · · Score: 1

      Did I even address that issue? I'm just saying this is a large enough dataset, from a specific enough group to mine for valuable data.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  3. Never mind so-called 'AI' destroying us by Rick+Schumann · · Score: 2

    What's really going to bring humanity to it's knees? Dumbasses who can't manage to keep our data secure!

  4. Why does Amazon allow "no password" as an option?? by Nanoda · · Score: 1

    Can anyone explain why Amazon even allows users to set up databases with no passwords? It seems to me that this type of leak happens monthly, if not more frequently. Surely the bad press Amazon gets by association is enough by itself for them to make passwords mandatory? I truly do not understand how this keeps happening again and again and again.

  5. Re:Not to worry by godel_56 · · Score: 1

    If you have done nothing wrong, you have nothing to fear.

    Unfortunately it's the people in charge that get to define "wrong' and they can change that definition on a whim, and sometimes secretly.

  6. Re:Why does Amazon allow "no password" as an optio by CharlesAKAChuck · · Score: 1

    Why it happens again and again? Because having a master's degree in music makes you obviously highly qualified to be the chief security officer, of course. On a more serious note, well not more serious but different anyways, it's because security costs money, and nobody wants to pay for it. On the bright side, the more of these stories we see, the more valuable my degree in cybersecurity becomes...

  7. Re:Why does Amazon allow "no password" as an optio by Dutch+Gun · · Score: 1

    S3 is a generic hosting system. Whether you use it for public or private storage is entirely up to you. Many websites are build with Amazon serving their content, for example.

    There's really no way to cure abject stupidity like this. You can always build a better idiot.

    --
    Irony: Agile development has too much intertia to be abandoned now.