Cheraw Chronicle

Complete News World

BMW accidentally makes Azure server with private keys public – Image & Audio – News

Automaker BMW has leaked sensitive company information due to a misconfiguration of its Microsoft Azure server. It is unknown how long the server has been open. BMW says it is now private again.

The vulnerability was discovered by security researcher Can Yoleri. Writes TechCrunch. He came across the open server during a routine scan. The storage server hosted by Microsoft Azure, also called a “bucket” in BMW's development environment, “accidentally became public instead of private due to a configuration error,” Euleri told the site.

According to the researcher, the group contains keys that provide access to the group's private addresses and details about other cloud services. The keys provide access to BMW cloud services in China, Europe and the US, TechCrunch concluded based on screenshots provided by Yoleri. Login details for BMW's production and development databases were also visible.

A BMW spokesperson confirmed to TechCrunch that there is a leak and that it will be resolved “early 2024.” It is claimed that no customer data was leaked. The car manufacturer does not want to say whether other parties have access to the data and how long the collection has been available to the public. Yoleri claims that even though the server has been made private again, the data and keys have not been revoked or changed. He says he tried to contact BMW about the matter but received no response.

BMW is the second car manufacturer to accidentally leak sensitive data online in a short period of time. In January, Mercedes-Benz leaked its source code via GitHub. This is because the employee's GitHub code accidentally ended up in a public repository.