Home / Early Warning / Cybersecurity Highlights / More than 500,000 SRV Tracking customers affected by an information leak

More than 500,000 SRV Tracking customers affected by an information leak

09/21/2017

The US company SRV Tracking, dedicated to monitoring the GPS signal of vehicles to follow up, alert them of their movements and thus recover them in case of theft, has been the victim of a cyber attack to its servers, which has caused the theft of sensitive information of more than 500,000 customers. Among the stolen data is the web platform user name and password, the vehicle identification number, the GPS device IMEI, and even the hidden location of the GPS device in the vehicle.

The cyberattack was carried out because the company had a cache server without a password, and in which all these data were housed. In addition, the stolen passwords were protected by the SHA-1 encryption algorithm, already obsolete because of its ease of decryption.