Over 10 million passwords possibly compromised at Trapster

Trapster is an online service that notifies users of road hazards and helps them avoid speeding tickets. Now it has notified its users of a possible compromise to over 10 million email addresses and passwords -- that number is based upon the posted total users on the site.

It's the digital and therefore hackable version of an old-time custom of drivers flashing their headlights at oncoming cars to warn of upcoming speed traps. Drivers helped other drivers target areas and avoid speeding tickets. After Trapster launched, the Boston Globe called it "a speed-trap sharing system" where users alert others after spotting "a police officer with a radar gun." Several years later, with the ability to crowd-source speed traps worldwide from over 10 million total users, Trapster may have been the one targeted.

Trapster warned users through emails and Peer360 that the company website, "has been the target of a hacking attempt, and it is possible that your email address and password were compromised."

trapster.gif

The Trapster team also reported, "We have already rewritten the software code to help prevent this type of attack from happening again, and continue to implement additional security measures to further protect your data." The advice for users to change password is a "precautionary measure."

After over 1 million user email addresses and passwords were breached via Gawker, it became evident that password reuse was a problem of epic proportions. The Wall Street Journal analyzed the top 50 Gawker Media (Gawker, Gizmodo, Lifehacker, and Jezebel) passwords, finding some of the most popular choices were "123456", "password" and "qwerty." PC World published password security best practices which might be good to look over before changing your Trapster password.

In 2009, Wired named Trapster as one of the best location-aware apps, enabling users to "drive fast, avoid the cops." As the app grew in popularity, the D.C. police chief Cathy Lanier told the Washington Examiner, Trapster "technology was a 'cowardly tactic' and 'people who overly rely on those and break the law anyway are going to get caught' in one way or another." The article added that the greater D.C. area had "290 red-light and speed cameras."

The Trapster Blog claims its success is due to "our loyal users and army of Trapster moderators" yet it doesn't mention passwords may have been compromised. There was no reply to my email asking about it. When looking over information about the hack, reviewing #Trapster tweets, they ranged from speed traps, someone who had to change 30+ passwords after the possible Trapster compromise,  users alerting others to change their passwords, a tweet bashing Trapster security that points out Trapster's non-encrypted login, to links of amusing stories such as a prankster turning a speed camera into Wall-E. So far, there were no signs of Trapster passwords appearing in the wild...so it may indeed be "on the cautious" but wise side to change your password.

According to trapster.com, lead-foot people who don't have GPS smartphones can also benefit from using Trapster as text message alerts can be sent. The app alerts users of many types of road "traps" like red light cameras, speed traps, checkpoints, and accident scenes. Trapster allows anyone, not only registered users, to view the TrapMap of speed traps in their area. Trapster also works with iPhone, iPad, Blackberry, Android, Windows Mobile, Nokia, Palm, and GPS devices like TomTom and Garmin. The low-low price of free is definitely right.

trapster2.jpg

It seems like Trapster should consider encrypting the login. If the site was breached and all those email addresses and passwords were compromised, the 10,028,551 total users make the 1.3 million exposed usernames and passwords from the Gawker Media hack look tiny.

If you use Trapster, change your password. 

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies