Tracelo, a smartphone geolocation tracker service, was breached on September 1, 2024, exposing information from each its prospects and the people focused by these prospects.
A hacker utilizing the alias “Satanic” claims to have breached Tracelo, a smartphone geolocation monitoring service. Because of this, the hacker has leaked the non-public particulars of over 1.4 million people (1,459,014) on the infamous Breach Boards.
What’s Tracelo?
Though a comparatively new service, Tracelo claims to supply a service that may decide an individual’s location utilizing simply their telephone quantity, presenting itself as a device for locating relations or different people with an emphasis on moral practices.
Nevertheless, whereas Tracelo states that it operates fully on-line and remotely, without having for app installations and solely requires a telephone quantity, the shortage of transparency about how consent is verified raises privateness issues.
The corporate insists that monitoring is completed responsibly, requiring specific prior consent from the individual being tracked, however critics may argue that merely sending an SMS for consent could possibly be simply bypassed or misunderstood by customers.
Furthermore, Tracelo’s assurances of legality and alignment with the Data Commissioner’s Workplace suggestions could not totally deal with doable misuse, particularly provided that location monitoring is a delicate subject involving private privateness and information safety.
The Breach
The breach occurred on September 1, 2024. In keeping with evaluation by the Hackread.com analysis group, the hacker managed to extract 264 MB of information, together with three CSV information: one named “saas-backend.locate_phone_infos,” one other named “saas-backend.users,” and a 3rd named “saas-stage.users.” Under is an in-depth file-by-file evaluation of the leaked information:
SaaS-backend.locate_phone_infos
The “saas-backend.locate_phone_infos” file seems to include the non-public particulars of over half 1,000,000 (646,442) victims worldwide, suggesting that these people had their places allegedly traced. Right here’s what the small print include:
- Full names
- Telephone carriers
- Telephone numbers
- Nation, metropolis and timezone
- A singular identifier for every document
and extra…
It is very important observe that Hackread.com didn’t discover any proof of location information being included within the data leaked throughout this breach.
Saas-backend.customers
The file Saas-backend.customers, incorporates private particulars of just about 1,000,000 (803,103) people/prospects who registered accounts on Tracelo. This consists of the next data:
- Full names
- Bodily addresses
- Bcrypt password hashes
- E-mail addresses (803,013)
- Final login date
- Subscription sort
- Google ID numbers
- Nation, metropolis and zipcodes
and extra…
Saas-stage.customers
The file “saas-backend.users” incorporates the non-public particulars of just about 1,000,000 (803,103) people who registered accounts on Tracelo. This information consists of the next data:
- E-mail addresses (9,853)
- Subscription sort
- Account creation date
- Bcrypt password hashes
and extra…
The Irony
Hackread.com has reached out to Tracelo for remark, however paradoxically, this breach includes the leak of shoppers’ bodily information. Whereas customers sought to trace the placement of others, the leak doesn’t embrace location information of the focused people however as a substitute exposes information in regards to the prospects themselves.
For instance, the file “saas-backend.users” incorporates bodily addresses for some prospects and Google ID numbers for 619,979 people. A Google ID quantity can be utilized to trace an individual’s approximate geolocation, current visits, ceaselessly visited locations, eating places they go to, their suggestions/evaluations, and even pictures they’ve uploaded to Google. Right here’s one instance of how I managed to trace a Tracelo buyer utilizing their Google ID:
Be careful for phishing and vishing scams
With telephone numbers and e-mail addresses uncovered within the Tracelo information breach, affected people needs to be alert towards potential phishing and vishing scams (voice phishing). Cybercriminals usually use this sort of private data to craft convincing fraudulent messages, posing as trusted entities to steal additional delicate data or monetary information.
Moreover, Customers needs to be cautious of surprising emails or calls requesting private particulars, passwords, or monetary data. It’s suggested to confirm the legitimacy of any communications earlier than responding and to report suspicious exercise to related authorities to stop falling sufferer to those scams.
RELATED TOPICS
- LetMeSpy Android Adware Service Shuts Down After Information Breach
- Ex-employee stole Israeli adware agency NSO Group Secrets and techniques for offers
- Household Location Tracker App Life360 Breach: 443K Customers’ Information Leaked
- Location Tracker Agency ‘Tile’ Information Breach: Hackers Entry Inside Instruments
- Parental management adware app Household Orbit hacked; 281GB of information uncovered
