{“lastseen”:”2025-09-05T18:30:01″,”description”:”A hacker cracked into a database of video recordings taken from Nexar-branded cameras, which are built to be placed drivers\u2019 cars, according to a new report from 404 Media.\\n\\nNexar is a dashcam company that promotes its products as \u201cvirtual CCTV cameras\u201d and offers automatic cloud uploads of critical incidents, AI-driven insights, and real-time road alerts. It offers customers remote video streaming, live GPS tracking, and easy-to-share video-evidence.\\n\\nNexar also sells access to reportedly blurred images captured by the cameras and other related data to other companies. Nexar monetizes users\u2019 data and recordings by repackaging them into various products. One of those is the company\u2019s CityStream map which uses recent and blurred images taken by Nexar dashcams, superimposes them on a publicly available map, and annotates things such as yield or speed limit signs, damaged roads, and other hazards.\\n\\nThis level of access and data management should come with a healthy, corporate security stance. But, according to the hacker who breached the company’s systems, Nexar is an absolute privacy nightmare with embarrassing security. Allegedly, it only took the hacker 2 hours to breach Nexar systems, and they stated:\\n\\n\\u003e \u201cI would be very surprised if no one (foreign government or just bad actor) wasn\u2019t already tapping their customer data.\u201d\\n\\nIn one clip the hacker provided to 404 Media as proof, a Nexar camera is faced inwards for a car, capturing what appears to be a rideshare driver picking up passengers. Like in many other videos, people’s faces are clearly visible.\\n\\nNexar co-founder and CTO Bruno Fernandez-Ruiz told 404 Media in an email that, per Nexar\u2019s privacy policy, users who contribute to the CityStream feature do so with either opt-in\u2014or opt-out\u2014consent, depending on the jurisdiction.\\n\\nBesides the personal implications, 404Media also mentioned and highlighted some potential national security risks that could be found in the evidence the hacker provided.\\n\\nThe hacker found all the videos on an improperly secured Amazon Web Services (AWS) bucket. An AWS bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more. There, the hacker found more than 130 TB worth of data.\\n\\nThe hacker were able to access the AWS bucket because embedded in every Nexar dashcam was a key to this database. And this key came with high privileges\u2014too high. These access privileges not only allowed anyone with the key to upload their own camera\u2019s data, but to also access those of everyone else.\\n\\nAnother find by the hacker was a file showing the companies and organizations that Nexar says have had access to the company’s data. According to the document, these include Apple, Microsoft, Amazon, Google, Pok\u00e9mon Go creator Niantic, transportation companies Lyft and Waymo, the cities of Los Angeles and Austin, the NYPD, and many AI- and logistics-focused companies.\\n\\nNexar fixed this issue after being contacted by 404 Media this week, but the level of trust that should be expected from a company that stores dashcam or CCTV images has taken a serious hit.\\n\\n## Protecting yourself after a data breach\\n\\nThere are some actions you can take if you are, or suspect you may have been, the victim of a data breach.\\n\\n * **Check the vendor\u2019s advice.** Every breach is different, so check with the vendor to find out what\u2019s happened and follow any specific advice they offer.\\n * **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don\u2019t use for anything else. Better yet, let a password manager choose one for you.\\n * **Enable two-factor authentication**** (2FA****).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can\u2019t be phished.\\n * **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims and verify the identity of anyone who contacts you using a different communication channel.\\n * **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.\\n * **Consider not storing your card details**. It\u2019s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.\\n * **Set up identity monitoring****.** Identity monitoring alerts you if your personal information is found being traded illegally online and helps you recover after.\\n\\n\\n\\n* * *\\n\\n**We don ‘t just report on data privacy\u2014we help you remove your personal information**\\n\\nCybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.”,”published”:”2025-09-05T16:52:42″,”modified”:”2025-09-05T16:52:42″,”type”:”malwarebytes”,”title”:”Nexar dashcam video database hacked”,”source”:””,”references”:””,”id”:”MALWAREBYTES:669138D0EB62B8676BAE43C3AE51B9D9″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/09\/nexar-dashcam-video-database-hacked”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-09-05T18:30:01″,”description”:”A hacker cracked into a database of video recordings taken from Nexar-branded cameras, which are built to be placed drivers\u2019 cars, according to a new…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-16115","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n