BMW security lapse exposed sensitive company information, researcher finds
Reading Time: < 1 minutesYoleri said the exposed Microsoft Azure–hosted storage server — also known as a ‘bucket’ — in BMW’s development environment was ‘accidentally configured to be public instead of private due to misconfiguration.’
Yoleri added that the storage bucket contained ‘script files that include Azure container access information, secret keys for accessing private bucket addresses, and details about other cloud services.’
The spokesperson added that ‘the BMW Group was able to fix this issue at the beginning of 2024, and we continue to monitor the situation together with our partners.’
BMW would not say for how long the storage bucket was exposed or whether it had observed any malicious access to the exposed data. Yoleri said that while he doesn’t have any evidence of malicious access, ‘that does not mean it doesn’t exist.’
‘Even if the bucket has been made private, it was necessary to change these access keys. It doesn’t matter if the bucket is private anymore,’ Yoleri said. He added that he tried to reach out to BMW about this subsequent issue but did not receive a response.
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG