Tracking Device Information for Over 500,000 Vehicles Leaked Online

September 22, 2017

Data breaches have been hot on the news, with the Equifax breach affecting as many as 143 million people. In another recent development, information for car tracking devices coming from the database vehicle recovery and tracking service company SVR Tracking were leaked online.

SVR (short for “stolen vehicle records”) provides constant monitoring and surveillance of customer vehicles via a tracking device which is attached to an inconspicuous location in the vehicle. This device allows continuous live tracking of the vehicle—up to every two minutes in motion—for as far back as the past 120 days through proprietary software on any device with a live internet connection.

The leaked repository contains over 500,000 records—including user credentials, Vehicle Identification Numbers (VIN), the exact location of the tracking device, and other collected data. What this means is that anyone who has access to SVR’s database will be able to track the location of any specific vehicle within the previous 120 days. In addition, information regarding the company’s customers and reseller networks were also exposed in the leak.

The reason for the leak was apparently a misconfigured Amazon Web Services (AWS) S3 bucket that was publicly accessible for some time before the breach occurred. As of the time of this publication, the repository has already been blocked from public access.

While internet-connected vehicles provide a number of benefits for its users, it also has its own share of downsides, not only with database issues as seen in this leak, but also for the vehicles and drivers. In this instance, where the issue is with a company that handles highly sensitive data, greater emphasis should be made on protecting databases, as any leak or breach can be disastrous, not only for the company but also for their customers.

Organizations can help prevent this from occurring by the following best practices:

  • Many data leaks occur because of human error – for example, a lack of properly trained staff can lead to mistakes that can result in data leaks. Organizations should ensure that their employees know how to properly handle, store and transport important data.
  • Creating contingencies and disaster recovery plans involving disclosure strategies and mitigation steps will help minimize the impact in case of an actual data breach or leak occurring.
Organizations that rely on the cloud for a large portion of their databases can look into cloud-centric solutions such as Trend Micro™ Hybrid Cloud Security, which delivers a blend of cross-generational threat defense techniques that have been optimized to protect physical, virtual, and cloud workloads.  It  also features Trend Micro™ Deep Security™, the market share leader in server security, protecting millions of physical, virtual, and cloud servers around the world.
HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.