Photo by Artiom Vallat on Unsplash
BMW Security Flaw Exposed Sensitive Company Information
February 15, 2024
A faulty cloud storage server owned by premium car giant BMW revealed sensitive company information, which includes internal data and private keys, according to TechCrunch.
Speaking to TechCrunch, Can Yoleri, a security researcher at threat intelligence company SOCRadar, said that he spotted the exposed BMW cloud storage server when he was doing a regular scan of the internet.
Yoleri revealed that the exposed Microsoft Azure-hosted storage server, also referred to as a “bucket,” in BMW’s development space was “accidentally configured to be public instead of private due to misconfiguration.”
He added that the storage bucket had within it “script files that include Azure container access information, secret keys for accessing private bucket addresses, and details about other cloud services.”
Screenshots were shared with TechCrunch that show the exposed data, which entails login details for BMW’s production and development databases and personal keys for BMW’s cloud services in the U.S., China, and Europe.
It’s unclear at the moment as to the amount of data that was exposed or how long the cloud bucket was out there on the internet. Yoleri said, “Unfortunately, this is the biggest unknown in public bucket problems. Only the bucket owner can see how long it has actually been open.”
According to BMW spokesperson Chris Overall, the data exposure affected a Microsoft Azure bucket within a storage development environment, with no impact on customer or personal data. He added that “the BMW Group was able to fix this issue at the beginning of 2024, and we continue to monitor the situation together with our partners.”
BMW refrained from commenting on the duration of exposure or whether malicious groups had detected the storage bucket. Yoleri said there was no evidence to support this, however, he noted that it “does not mean it doesn’t exist.” He explained, “Even if the bucket has been made private, it was necessary to change these access keys. It doesn’t matter if the bucket is private anymore.”
Recent News
Premium and Healthier Food Options Gain Traction
As consumers become more mindful of their spending, the global sales of cooking ingredients and meals saw a notable increase of 4.4% in 2023, driven by inflation and higher commodity prices, according to Euromonitor International. This trend underscores a shift in consumer behavior towards more economical choices while still showing a preference for premium, healthier, and environmentally sustainable options.
Dairy Manufacturers Inc. Issues Voluntary Recall of Baby Formula
In a significant move, Dairy Manufacturers Inc., a Texas-based company, has initiated a voluntary recall of several baby formula products after they were found to be noncompliant with U.S. Food and Drug Administration (FDA) regulations. The recall encompasses all lot codes of three specific products: Crecelac Infant 0-12, Farmalac 0-12, and Farmalac 0-12 Low Lactose. This announcement was officially published on the FDA’s website on Saturday.
Fitness Equipment to Become $18.4 Billion Market
The global fitness equipment market is projected to reach $18.4 billion by 2033, growing at a CAGR of 3.02% from 2024 to 2033, according to Allied Market Research. Key drivers include the integration of Internet of Things (IoT) technology in fitness devices and the rise of corporate wellness programs. IoT-enabled equipment captures workout metrics in real time, enhancing user engagement and offering personalized insights. Corporate wellness initiatives promote physical activity in the workplace, increasing demand for fitness equipment in corporate gyms.
Walmart Ends Partnership with Capitol One
Walmart has officially ended its consumer credit card agreement with Capital One, marking a significant shift in the retail giant’s financial partnerships. This decision follows a series of disputes over customer service issues that culminated in a legal battle and a federal judge’s ruling.