Kromtech Security Center discovered a cache of about 540,000 exposed records from vehicle tracking devices, according to a report by Forbes.
The exposed user data contained IMEI (International Mobile Equipment Identity) information, a unique number assigned to any cellular device. The records allowed Kromtech to view usernames, passwords, and email addresses registered to each tracking device, as well as license plate numbers, VINs, and where trackers were installed, according to the report.
Kromtech found that one tracker type had connections to over 400 automotive dealerships and compromised dealership data as well.
Kromtech also discovered 339 log files containing maintenance records, pictures, and more through improperly configured Amazon S3 cloud storage, says the report.
Amazon has recently began scanning its cloud storage service for exposed caches like the one Kromtech found. It is unclear if the bucket's creator ignored Amazon's notification, did not receive one, or if Kromtech found the data before a notice was sent, according to the report.
Click here for the full Forbes report.