Sensitive data of more than hundred equipment manufacturers companies exposed online. The exposed data belongs to the manufacturing giants that includes VW, Chrysler, Ford, Toyota, GM, Tesla, and ThyssenKrupp.
UpGuard Cyber Risk team discovered the publically exposed data that includes over 10 years of assembly line schematics, factory floor plans and layouts, robotic configurations and documentation, ID badge request forms, VPN access request forms, and ironically, non-disclosure agreements, detailing the sensitivity of the exposed information.
The data exposed as the companies failed to restrict the rsync server by IP or user and the data is available in public for any rsync client.
Upguard team identified the exposed data on July 1st, 2018 and the issue reported to Tier 1 automotive suppliers on July 9th and the exposure was taken down by July 10th.
The exposed data contains Customer data contact details such as name, ID badges, VPN credentials and title of client employees. Employees data such as scans of passports, driver’s licenses, and other identification.
Also, it includes corporate data such as invoices, prices, scopes of work, customers, projects, and the common business documents. It is unclear if someone has access to the database other than Upguard.
“The supply chain has become the weakest part of enterprise data privacy. Companies that spend many millions a year on cybersecurity can still be exposed by a vendor who handles their data,” says Upguard.