Photo by Artiom Vallat on Unsplash
BMW Security Flaw Exposed Sensitive Company Information
February 15, 2024
A faulty cloud storage server owned by premium car giant BMW revealed sensitive company information, which includes internal data and private keys, according to TechCrunch.
Speaking to TechCrunch, Can Yoleri, a security researcher at threat intelligence company SOCRadar, said that he spotted the exposed BMW cloud storage server when he was doing a regular scan of the internet.
Yoleri revealed that the exposed Microsoft Azure-hosted storage server, also referred to as a “bucket,” in BMW’s development space was “accidentally configured to be public instead of private due to misconfiguration.”
He added that the storage bucket had within it “script files that include Azure container access information, secret keys for accessing private bucket addresses, and details about other cloud services.”
Screenshots were shared with TechCrunch that show the exposed data, which entails login details for BMW’s production and development databases and personal keys for BMW’s cloud services in the U.S., China, and Europe.
It’s unclear at the moment as to the amount of data that was exposed or how long the cloud bucket was out there on the internet. Yoleri said, “Unfortunately, this is the biggest unknown in public bucket problems. Only the bucket owner can see how long it has actually been open.”
According to BMW spokesperson Chris Overall, the data exposure affected a Microsoft Azure bucket within a storage development environment, with no impact on customer or personal data. He added that “the BMW Group was able to fix this issue at the beginning of 2024, and we continue to monitor the situation together with our partners.”
BMW refrained from commenting on the duration of exposure or whether malicious groups had detected the storage bucket. Yoleri said there was no evidence to support this, however, he noted that it “does not mean it doesn’t exist.” He explained, “Even if the bucket has been made private, it was necessary to change these access keys. It doesn’t matter if the bucket is private anymore.”
Recent News
Walgreens Settlement: What You Need to Know
Walgreens recently settled a class action lawsuit, potentially putting cash in the pockets of Americans who faced job denials due to background checks. The settlement, a result of alleged Fair Credit Reporting Act violations, offers up to $918.28 to affected individuals. While Walgreens didn’t admit fault, it agreed to pay an undisclosed sum.
California Electric Bill Overhaul: What’s Ahead
California’s electricity payment system is getting a makeover. Recently, state regulators greenlit a shift to flat-rate billing, aiming to curb surging energy costs. Under this new scheme, most customers of investor-owned utility companies will face a fixed monthly charge of $24.15, trimming the per-kilowatt-hour usage fee by five to seven cents.
AI Has Mastered the Art of Deception
AI, celebrated for its productivity-boosting capabilities, harbors a deceptive side as revealed by recent research. This unsettling finding underscores the need for heightened awareness and regulatory measures to address the risks posed by AI’s ability to induce false beliefs.
Chinese EVs Navigate Global Markets Amid Rising Trade Tensions
China’s electric vehicle (EV) sector is making strategic moves into offshore markets for increased funding, exemplified by the recent success of Zeekr, a premium EV brand under Geely, which saw its shares surge 34% in the largest US IPO by a Chinese company since 2021.