Subj : BMW security error left valuable private company data exposed onl
To   : All
From : TechnologyDaily
Date : Thu Feb 15 2024 15:15:04

BMW security error left valuable private company data exposed online

Date: Thu, 15 Feb 2024 15:03:28 +0000
Description: The misconfigured database was locked down early in 2024.

FULL STORY
======================================================================

Automotive giant BMW kept a cloud storage server hosting sensitive data such as private keys and internal information unprotected on the internet, and available to anyone who knew exactly where to look.

Security researcher Can Yoleri approached TechCrunch claiming to have found a Microsoft Azure bucket that was misconfigured, and thus set to be public instead of private.

Yoleri explained that the bucket held script files that include Azure container access information, secret keys for accessing private bucket addresses, and details about other cloud services. He also found private keys for BMW's cloud services in China, Europe, and the US. The bucket also contained login credentials for BMW's production and development databases.

No evidence of file tampering

The logical conclusion here is that if Yoleri could find it - so can malicious actors. Unfortunately, only BMW can say for how long the database remained unprotected, and if anyone accessed it beforehand.

The carmaker's spokesperson told the publication that there was no evidence the incident affected customers, or personal data. The database was locked down at the beginning of 2024, the spokesperson confirmed.

However, not finding evidence and something not happening at all are, obviously, two entirely different things. Whether or not someone steps forward with a database remains to be seen.

However, the worst part is that BMW did not change the secrets that were hosted in the database, Yoleri said.
If someone accessed it in the past, it doesn't matter that it's now locked down - the credentials and other secrets in there are still valid, and valuable. We're still waiting on confirmation that BMW has revoked the secrets.

Unprotected and misconfigured databases remain one of the most common causes of data leaks and spills today.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/bmw-security-error-left-valuable-private-company-data-exposed-online

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)