Misconfigured Locksmith Services web servers exposed sensitive information

Darryl Burke reports:

On Wed Nov 23rd, we discovered a misconfiguration on the web servers of the company “Locksmith Services” which is a US based national dispatch service for Locksmiths. The misconfiguration on the website dispatchlogin.net exposed the; audio recording of calls, emails, customer contact information, photos of drivers licenses and passports, photos of credit cards including the CVV numbers.

The company “Locksmith Services” has been notified of the data exposure and has since fixed the misconfiguration of it’s service. It is unknown at this time if any other 3rd party has accessed the data prior to being discovered by us. There were approx 3,000 customers credit card and government issued ID records exposed.

Read more on Darryl’s blog.  Of note, they include alternative names for the business in question:

  • American Services:
  • Locksmith Service Company
  • America’s Locksmith Services
  • 24 Hours Locksmith Service
  • 24/7 S.O.S. Locksmith Services

About the author: Dissent

Comments are closed.