cyber Breach

BMW KUN Exclusive - Bengaluru

Dec 24, 2023 1 min read
BMW KUN Exclusive - Bengaluru

The cyber news research team has found that private information was made public by the Bengaluru location of BMW Kun Exclusive, an Indian BMW dealership.

Threat actors might have completely taken control of the BMW outlet's internal systems as a result of the data leak, giving them unauthorised access to private customer and corporate information.

The BMW Kun Exclusive exposed its systems when it made a public environment configuration file (.env) available.

The package included login credentials for other company accounts across India, including those of nineteen additional dealerships, tokens, and API keys that allowed access to internal systems and their personal WhatsApp account in addition to tokens and platform logins for sending marketing-related SMS.

Source: https://securityaffairs.com/156182/data-breach/bmw-dealer-at-risk-of-takeover-by-cybercriminals.html

TPRM report: https://scoringcyber.rankiteo.com/company/bmwkunexclusivebengaluru

"id": "bmw146251223",
"linkid": "bmwkunexclusivebengaluru",
"type": "Data Leak",
"date": "12/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Automobile',
                        'location': 'Bengaluru, India',
                        'name': 'BMW Kun Exclusive',
                        'type': 'Dealership'}],
 'attack_vector': 'Exposed configuration file (.env)',
 'data_breach': {'type_of_data_compromised': ['Customer information',
                                              'Corporate information',
                                              'Login credentials',
                                              'Tokens',
                                              'API keys']},
 'description': 'Private information was made public by the Bengaluru location '
                'of BMW Kun Exclusive, an Indian BMW dealership. Threat actors '
                "might have completely taken control of the BMW outlet's "
                'internal systems as a result of the data leak, giving them '
                'unauthorised access to private customer and corporate '
                'information. The BMW Kun Exclusive exposed its systems when '
                'it made a public environment configuration file (.env) '
                'available. The package included login credentials for other '
                'company accounts across India, including those of nineteen '
                'additional dealerships, tokens, and API keys that allowed '
                'access to internal systems and their personal WhatsApp '
                'account in addition to tokens and platform logins for sending '
                'marketing-related SMS.',
 'impact': {'data_compromised': ['Customer information',
                                 'Corporate information',
                                 'Login credentials',
                                 'Tokens',
                                 'API keys'],
            'systems_affected': ['Internal systems',
                                 'Personal WhatsApp account',
                                 'SMS marketing platforms']},
 'title': 'BMW Kun Exclusive Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Public exposure of environment configuration file'}
Published by
Roshni Ray
Roshni Ray
You might also like
Breach cyber

Dansons

public 1 min read
The breach involved unauthorized access to customer payment information, affecting 19 New Hampshire residents. The compromised information included names, addresses,…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.