A New Discovered SVR Tracking Company Sever Repository Misconfiguration Leaks the Secret Information of vehicle recovery device and monitoring company SVR Tracking (stolen vehicle records) which Discovered from a misconfigured Amazon AWS S3 bucket.
SVR Tracking Providing service enables lot owners to locate and recover their vehicles with live, real-time tracking and provides stop verification.
Sever Misconfiguration may cause Biggest Impact that will Lead to Expose the Tons of Data from the Network into Public.
This Publically Available SVR Tracking Owns Repository contains customers and re-seller network and also the physical device that is attached to the cars.
The repository exposed over a half of a million records with logins / passwords, emails, VIN (vehicle identification number), IMEI numbers of GPS devices and other data that is collected on their devices, customers and auto dealerships. Interestingly, exposed database also contained information where exactly in the car the tracking unit was hidden.
What all are the Information Misconfiguration Leaks
A Repository Contains Tons of Personal Information with a Backup Folder called “accounts” contained 540,642 ID numbers, account information that included many plate & Pin numbers, emails, hashed passwords, IMEI numbers and more.
This Leakage 116 GB of Hourly Backups ,5 GB of Daily Backups from 2017, 339 documents called “logs” that contained data from a wider date range of 2015-2017 UpdateAllVehicleImages, SynchVehicleStatus, maintenance records.
Also Document with information on the 427 dealerships that use their tracking information, 339 documents called “logs” that contained data from a wider date range of 2015-2017 UpdateAllVehicleImages, SynchVehicleStatus, maintenance records.
This SVR Monitoring Software Provide some Advance Future to Monitors the Every Activities of the Car Driver including the Place that he Visited with Pin Pointed Map and also anyone with login using credentials about the top stops or locations where the vehicle has been.
This Software has very Flexible to access with any Internet Connected Devices such as desktop, laptop, mobile phone or tablet.
Kromtech Security Center has Discovered & Reported This Vulnerability Disclosed report to SVR Tracking Company and the Company has been Secured its MisConfigured Sever.