Tracelo, smartphone geolocation tracking breached, data of 1.4 million users leaked

Tracelo, a smartphone geolocation tracking service, has been hit by a data breach, exposing the personal information of over 1.4 million individuals.

Tracelo is a relatively new service that claims to offer a geolocation tracking service that determines an individual's location using only their phone number. The company markets itself as an ethical tool for locating family members or other individuals, stating that it operates entirely online and remotely without the need for app installations.

A hacker using the alias "Satanic" claimed responsibility for the breach and subsequently leaked the data on Breach Forums, a notorious online platform for trading stolen information.

Data was exposed in three files:

"saas-backend.locate_phone_infos": Contains personal details of 646,442 individuals whose locations were allegedly traced.

• Full names
• Phone carriers
• Phone numbers
• Country, city, and timezone
• Unique identifier for each record

"saas-backend.users": Contains personal details of 803,103 Tracelo customers.

• Full names
• Physical addresses
• Bcrypt password hashes
• Email addresses (803,013)
• Last login date
• Subscription type
• Google ID numbers (619,979 individuals)
• Country, city, and zip codes

"saas-stage.users": Contains personal details of 9,853 individuals.

• Email addresses
• Subscription type
• Account creation date
• Bcrypt password hashes

The breach exposed the personal data of targeted individuals as well as Tracelo’s own customers, who sought to track others. The nature of the attack is not disclosed.

Affected customers and individuals should cancel payment cards used in the platform, update passwords specially if the same credentials were used on multiple platforms and be very careful about emails and voice communication claiming authority or urgency (Scam calls).