Tag: Managed Services

We’ve seen a lot of hacking attacks so far this year, but the successful breach of SVR Tracking may take the prize as the most invasive attack of 2017.

If you’re not familiar with the company, SVR Tracking provides a vehicle tracking service. This is accomplished by mounting a small, unobtrusive device on your car in an area where an unauthorized driver is unlikely to notice or look.

Once the device is attached, it reports the vehicle’s location back to the app database in two-minute intervals when the vehicle is in motion, and in four-hour intervals when the vehicle is stationary. One-hundred and twenty days of vehicle location information is available to anyone with the proper login credentials.

On September 18, researchers from Kromtech Security Center discovered files in an unsecured Amazon S3 bucket containing login credentials for more than half a million SVR Tracking accounts. Note that the total number of vehicles this could impact is likely far higher than half a million, because the app is frequently used by companies that manage entire fleets of vehicles, so one account may have dozens (or more) vehicles associated with it.

The exposed files contained account names, passwords, vehicle maintenance reports, dealer contracts and more.

There are two primary ways that a hacker could profit from this information. First and most obvious is that if you know exactly where a vehicle is, and when it’s likely to be sitting idle for hours at a time, then it’s incredibly easy to steal it.

Second, and less obvious, is that knowing where a vehicle goes allows hackers to build a detailed profile about the person driving the car, which can be used to provide better email targeting for attacks down the road.

In any case, the offending files have now been removed and the server locked down, but there’s no way of knowing how many unauthorized people accessed those files while they were publicly visible. If you use the SVR Tracking app, just to be safe, you should change your password immediately.

TIO Networks, a cloud-based, multi-channel bill payment platform purchased by Paypal for $233 million in 2017, was breached earlier this year, exposing PII (Personally Identifiable Information) for an estimated 1.6 million of the service’s users.

TIO Networks primarily does payment processing and accounts receivables for cable, utility, wireless and telecom companies in North America. If you do business with TIO, it’s possible that your company or personal information may have been compromised.

So far, neither Paypal nor TIO Networks has released any significant details about the breach, so we do not yet have any indication of how it happened, who was responsible or exactly which of their customers had their information exposed. Paypal did release a brief statement concerning the incident, which said, in part:

“The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal’s customers’ data remains secure.”

The statement went on to say that as soon as PayPal identified the breach, they took action by “initiating an internal investigation of TIO and bringing in additional third-party cybersecurity expertise to review TIO’s bill payment platform.”

For their part, TIO Networks has suspended all operations until the investigation into the matter has been completed, and has begun notifying impacted customers. In addition to that, as is common with situations like these, they’re also working with Experian to provide a year’s worth of free credit monitoring for people who were affected.

A part of TIO’s statement about the incident reads as follows: “At this point, TIO cannot provide a timeline for restoring bill pay services, and continues to recommend that you contact your biller to identify alternative ways to pay your bills….We sincerely apologize for any inconvenience caused to you by the disruption of TIO’s service.”