A hacker has breached the internal tool of the company Trackimo and accessed the user movement history. Trackimo specializes in GPS trackers used to monitor family members, pets, vehicles, and valuable assets.
The hacker, known as “Maia Arson CrimeW,” revealed that he infiltrated Trackimo’s internal support system by discovering an email containing a password for the Trackimo Trubleshooter Diagnostics tool. Through this tool, the hacker not only tracked his own device but also monitored other users’ devices. The system’s vulnerability was attributed to a weak password that was easily guessable.
The Trackimo Troubleshooter tool provides a display of recent device locations in a format similar to Google Maps, utilizing GSM, WiFi, and GPS signals. Additionally, the interface divulges device ownership details such as email, name, and phone number, along with diagnostic data like battery usage statistics.
In a detailed disclosure of the hack, Maia outlined his method of accessing Trackimo systems by purchasing a device, paying for the subscription, and exploring the company’s web interface. By examining support service emails, the hacker identified another password granting access to the Trackimo Troubleshooter tool, opening doors to extensive device data by mere identification.
Trackimo has since stated that the hacker’s access has been terminated, passwords changed, and the Troubleshooter tool disabled. However, Maia alleges obtaining data from multiple devices apart from his purchased one, potentially linked to ongoing investigations involving Trackimo devices or data. Contrastingly, Trackimo denies the hacker’s access to data from other devices.
Maia underscored that all identified vulnerabilities were promptly reported to Trackimo, leading to their resolution by the company.