The cyber news research team has found that private information was made public by the Bengaluru location of BMW Kun Exclusive, an Indian BMW dealership.
Threat actors might have completely taken control of the BMW outlet's internal systems as a result of the data leak, giving them unauthorised access to private customer and corporate information.
The BMW Kun Exclusive exposed its systems when it made a public environment configuration file (.env) available.
The package included login credentials for other company accounts across India, including those of nineteen additional dealerships, tokens, and API keys that allowed access to internal systems and their personal WhatsApp account in addition to tokens and platform logins for sending marketing-related SMS.
Source: https://securityaffairs.com/156182/data-breach/bmw-dealer-at-risk-of-takeover-by-cybercriminals.html
"id": "BMW146251223",
"linkid": "bmwkunexclusivebengaluru",
"type": "Data Leak",
"date": "12/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"