Data Breach Exposes Trade Secrets of Carmakers GM, Ford, Tesla, Toyota (Jul 21, 2018)
Security researchers at UpGuard CyberRisk uncovered that sensitive documents from over 100 different manufacturing companies were exposed on a publicly accessible server. The breach occurred through Level One Robotics where an rsync server allowed unrestricted access to secretive data. Over 157 gigabytes of data including trade secrets from corporations like GM, Telsa, and Toyota could be found if someone knew where to look. It is unclear whether any data was obtained by threat actors at the time of this article’s publication.
Recommendation: UpGuard recommends that rsync instances should be restricted by IP addresses. User access to rsync must be set up so that clients must be authenticated before receiving a dataset. Sensitive data, personnel information, schematics, and other types of company information needs to be properly protected by adequately secured data storage.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.