The IT researchers at cyber resilience firm Upguard discovered a massive trove of highly publically available to be accessed by anyone. The belonged to hundreds of automotive giants including Tesla, Ford, Toyota, , Fiat, ThyssenKrupp, and Volkswagen – Thanks to a publically exposed server owned by Level One Robotics, a Canadian firm providing industrial automation services.

The data was discovered on July 1st, 2018, when  gigabytes of files (47,000 documents) were available on a server without any security. The analysis of the exposed data revealed that it includes trade secrets and other sensitive data from the automotive giants including scanned copies of passports, driver licenses, invoices, banking data, contracts, non-disclosure agreements, robotic configurations and 10 years of assembly line schematics etc.

157 GB of sensitive data from Tesla, GM, Toyota, others exposed online  - 157 gb of sensitive data from tesla gm toyota others exposed online 1 - 157 GB of sensitive data from Tesla, GM, Toyota & others

Image credit: Upguard

According to Upguard’s blog post, “The data was exposed via rsync, a common file transfer protocol used to mirror or backup large data sets. The rsync server was not restricted by IP or user, and the data set was downloadable to any rsync client that connected to the rsync port.”

Level One Robotics was informed about the on July 9th and at the time of publishing this article; the files were taken offline. However, it is unclear if the data was accessed by someone else other than Upguard. In case it happened, it can be a disaster for the companies since automotive companies prefer to keep their plans secret to avoid competitor from accessing them.

157 GB of sensitive data from Tesla, GM, Toyota, others exposed online  - 157 gb of sensitive data from tesla gm toyota others exposed online 2 1024x262 - 157 GB of sensitive data from Tesla, GM, Toyota & others

Image credit: Upguard

“Level One takes these allegations very seriously and is diligently working to conduct a full investigation of the nature, extent, and ramifications of this alleged data exposure,” Level One chief executive Milan Gasko told The New York Times. “In order to preserve the integrity of this investigation, we will not be providing comment at this time.”

There was no comment from the automotive firms affected by the breach.

Image credit: Depositphotos



Source link
Based Blockchain Network

LEAVE A REPLY

Please enter your comment!
Please enter your name here