Jul 20, 2018

Leaky data exposes big auto's secrets

The output of a Volkswagon plant in Poland. Photo: Wojtek Laski / Getty

Level One Robotics failed to secure a cache of trade information about its clients, including VW, Chrysler, Ford, Toyota, GM, Tesla and ThyssenKrupp, according to a new report by security firm UpGuard.

Why it matters: While there is no evidence that any malicious forces found the data left vulnerable by misconfiguring the file sharing protocol rsync, it is yet another reminder that data owners often leave huge caches of data exposed by accident. If an attacker put in the work to search for insecure files, it may have come across the data.

Details: Level One makes automated manufacturing machines. The leaky data included "over 10 years of assembly line schematics, factory floor plans and layouts, robotic configurations and documentation, ID badge request forms, VPN access request forms, and ironically, non-disclosure agreements, detailing the sensitivity of the exposed information," according to an UpGuard blog post. It also included personal information on Level One employees, including in some cases photos of passports or drivers licenses.

The discovery: Upguard researcher Chris Vickery discovered 157 gigabytes of data on July 5. Level One plugged up security holes by July 7.

  • The data included information on more than 100 companies who work with Level One.
  • Vickery praised Level One for quickly remediating the problem.

Go deeper

Updated 12 mins ago - Politics & Policy

Updates: George Floyd protests nationwide

Police officers wearing riot gear push back demonstrators outside of the White House on Monday. Photo: Jose Luis Magana/AFP via Getty Images

Protests over the death of George Floyd and other police-related killings of black people continued for a seventh day across the U.S., with President Trump threatening on Monday to deploy the military if the unrest continues.

The latest: New York City Mayor Bill de Blasio tweeted early Tuesday that he'd just left the Bronx and the police commissioner was sending additional assistance to problem areas. Protesters were "overwhelmingly peaceful" Monday, he said. "But some people tonight had nothing to do with the cause + stole + damaged instead," he added.

2 hours ago - Technology

Civil rights leaders blast Facebook after meeting with Zuckerberg

Screenshot of an image some Facebook employees used as part of their virtual walkout on Monday.

A trio of civil rights leaders issued a blistering statement Monday following a meeting with Facebook CEO Mark Zuckerberg and other top executives to discuss the social network's decision to leave up comments from President Trump they say amount to calls for violence and voter suppression.

Why it matters: While Twitter has flagged two of the president's Tweets, one for being potentially misleading about mail-in ballot procedures and another for glorifying violence, Facebook has left those and other posts up, with CEO Mark Zuckerberg saying he doesn't want to be the "arbiter of truth."

4 hours ago - Technology

Cisco, Sony postpone events amid continued protests

Screenshot: Axios (via YouTube)

Cisco said Monday night that it is postponing the online version of Cisco Live, its major customer event, amid the ongoing protests that have followed the killing of George Floyd.

Why it matters: Cisco joins Sony, Electronic Arts and Google in delaying tech events planned for this week.