AutoBeta(AutoBeta.net)03/03 Report--

The data of another car company has been leaked, this time BMW, a well-known German luxury brand.

On February 18, the media reported that a configuration error occurred on BMW's cloud storage server, which led to the disclosure of sensitive information such as private keys and internal data.

It is understood that the areas where the data were leaked included BMW's private keys for cloud services in China, Europe and the United States and login credentials for BMW's production and development databases. So far, it is not clear exactly how much data has been exposed, or when the data began to leak.

In fact, data leaks from automobile companies often occur in the automobile field. According to relevant data, in the past 2023, there were more than 20 data leaks related to car companies across the country. Toyota said in May 2023 that the vehicle data of about 2.15 million users was at risk of being leaked in Japan due to missettings in the cloud environment, including the identification number and location of the vehicle equipment. In addition, in the same month, Tesla also aroused widespread concern in the market for the disclosure of internal employee data, which affected 75000 people, including employee-related records, and the incident originated from "internal employee misconduct." the following August A copy of a letter sent by Tesla to those affected with a notice of data disclosure said: "Foreign media (German Business Daily) informed Tesla on May 10, 2023 that he had obtained confidential information from Tesla. The investigation showed that two former Tesla employees violated the company's IT security and data protection policy, embezzled the information and shared it with the media (German Business Daily). "

Recently, another well-known German luxury brand Mercedes-Benz has also been exposed a similar data security incident. It is understood that the security laboratory RedHunt found the GitHub private key from the code warehouse of a Mercedes-Benz employee, and this private key can access all the code on the GitHub server within the Mercedes-Benz enterprise.

The automobile industry is undergoing great innovation. As the automobile industry enters the new era of intelligent network connection, more and more cars are endowed with the characteristics of intelligence and interconnection, and as the intelligent network connection automobile has become the development trend of the automobile industry, user data security has also become an important part of automobile security and attention. Whether it is an enterprise or an individual, the disclosure of user data will bring huge losses.

In response to the BMW data leak, it was reported that some researchers said that during a routine scan, it was found that the Microsoft Azure managed storage server in the BMW development environment was configured as public rather than private. The hosted storage server contains script files, keys to access private storage server addresses, and details of other cloud services.

So far, a BMW spokesman has confirmed that the data leak affected Microsoft Azure buckets based on the storage development environment, and said that no customer or personal data was affected. The spokesman added that BMW Group had fixed the problem in early 2024 and would continue to monitor relevant information with partners.

Welcome to subscribe to the WeChat public account "Automotive Industry Focus" to get the first-hand insider information on the automotive industry and talk about things in the automotive circle. Welcome to break the news! WeChat ID autoWechat