According to news from this site on February 18, foreign media TechCrunch recently reported that a configuration error occurred in the cloud storage server of the automobile giant BMW, resulting in sensitive private keys and internal data. Information exposed.
Researcher Can Yoleri said that during a routine scan, he discovered that the Microsoft Azure managed storage server (also called a "bucket") in the BMW development environment was configured as public instead of private .
Yoleri added that the bucket contains script files that contain Azure container access information, keys for private storage server addresses and details for other cloud services.
According to information learned by TechCrunch, the exposed data includes BMW’s cloud service private keys in China, Europe and the United States, as well as login credentials for BMW’s production and development databases. However, currently It's unclear exactly how much data was exposed.
A BMW spokesperson has confirmed that the data breach affected a Microsoft Azure bucket based on the storage development environment and said that no customer or personal data was affected. The spokesperson added: "The BMW Group has fixed the issue in early 2024 and we will continue to monitor the situation together with our partners."
BMW declined to disclose the cloud storage server exposure The duration of the incident and whether the data was maliciously accessed. According to researcher Yoleri, BMW has not revoked or changed the set of passwords and credentials found in the affected cloud storage servers.
Mercedes-Benz has also encountered similar data security issues recently. Security Lab RedHunt discovered a GitHub private key in an employee's code repository. This private key can access all code on Mercedes-Benz's internal GitHub server.
The above is the detailed content of BMW confirms data breach: Cloud storage server configuration error. For more information, please follow other related articles on the PHP Chinese website!