Photo by Artiom Vallat on Unsplash
BMW Security Flaw Exposed Sensitive Company Information
February 15, 2024
A faulty cloud storage server owned by premium car giant BMW revealed sensitive company information, which includes internal data and private keys, according to TechCrunch.
Speaking to TechCrunch, Can Yoleri, a security researcher at threat intelligence company SOCRadar, said that he spotted the exposed BMW cloud storage server when he was doing a regular scan of the internet.
Yoleri revealed that the exposed Microsoft Azure-hosted storage server, also referred to as a “bucket,” in BMW’s development space was “accidentally configured to be public instead of private due to misconfiguration.”
He added that the storage bucket had within it “script files that include Azure container access information, secret keys for accessing private bucket addresses, and details about other cloud services.”
Screenshots were shared with TechCrunch that show the exposed data, which entails login details for BMW’s production and development databases and personal keys for BMW’s cloud services in the U.S., China, and Europe.
It’s unclear at the moment as to the amount of data that was exposed or how long the cloud bucket was out there on the internet. Yoleri said, “Unfortunately, this is the biggest unknown in public bucket problems. Only the bucket owner can see how long it has actually been open.”
According to BMW spokesperson Chris Overall, the data exposure affected a Microsoft Azure bucket within a storage development environment, with no impact on customer or personal data. He added that “the BMW Group was able to fix this issue at the beginning of 2024, and we continue to monitor the situation together with our partners.”
BMW refrained from commenting on the duration of exposure or whether malicious groups had detected the storage bucket. Yoleri said there was no evidence to support this, however, he noted that it “does not mean it doesn’t exist.” He explained, “Even if the bucket has been made private, it was necessary to change these access keys. It doesn’t matter if the bucket is private anymore.”
Recent News
Nvidia Hits a $3 Trillion Milestone
Nvidia Corp., under the leadership of CEO Jensen Huang, has reached a significant milestone with a market valuation of $3 trillion, propelling Huang into the ranks of the world’s wealthiest individuals. As of Friday, Huang’s net worth soared to $106.1 billion, surpassing that of Michael Dell, making him the 13th richest person globally, according to the Bloomberg Billionaires Index.
Samsung Electronics Workers Stage Historic Strike
In an unprecedented move, workers at Samsung Electronics went on strike for the first time ever. The one-day strike was organized by the National Samsung Electronics Union (NSEU), the largest of Samsung’s unions, and took place outside Samsung’s Seoul office building. The strike stems from a deadlock in negotiations over pay bonuses and time off. Most of the striking workers hail from Samsung’s chip division, underscoring the specific challenges the company faces in this intensifying AI sector.
Nvidia’s Stock Soars Tenfold Following 10-For-1 Split
Shares of Nvidia, the hottest stock on the S&P 500, surged tenfold on Friday following the company’s highly anticipated 10-for-1 stock split. Announced in May during Nvidia’s latest earnings call, the stock split went into effect after the market closed.
GameStop meme lord Reveals Himself
In a dramatic return to the spotlight, Keith Gill, the famed “meme lord” behind the wild movements of GameStop stock, made his first public appearance in three years. Known online as “Roaring Kitty,” Gill surprised fans and traders alike with a livestream on his YouTube channel, sparking renewed interest and volatility in GameStop shares.