cyber Breach

INDYCAR

Nov 19, 2023 1 min read
INDYCAR

A well-known cybersecurity specialist has found on the internet an accessible Rsync server that is storing the personal information of at least 200,000 Indianapolis Motor Speedway enthusiasts.

Subsequent investigation indicated that the data originated from the archive of the now-defunct DownForce racing forum, which was part of a platform utilised by IndyCar.

Vickery said that information about the forum users' everyday activities, including employee login credentials, was contained in the archive.

The whole DownForce backup, which includes information on hundreds of thousands of individuals, including first and last names, dates of birth, gender, mailing addresses, password hashes, security questions, and answers, has been discovered by Vickery to be publicly accessible online.

Source: https://securityaffairs.com/55841/data-breach/indycar-data-leak.html

TPRM report: https://scoringcyber.rankiteo.com/company/indycar

"id": "ind538191123",
"linkid": "indycar",
"type": "Data Leak",
"date": "01/2017",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 200000,
                        'industry': 'Sports',
                        'location': 'Indianapolis',
                        'name': 'Indianapolis Motor Speedway',
                        'type': 'Organization'},
                       {'industry': 'Sports',
                        'name': 'DownForce Racing Forum',
                        'type': 'Organization'}],
 'attack_vector': 'Exposed Rsync Server',
 'data_breach': {'number_of_records_exposed': 200000,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Login Credentials']},
 'description': 'A cybersecurity specialist discovered an accessible Rsync '
                'server storing personal information of at least 200,000 '
                'Indianapolis Motor Speedway enthusiasts. The data originated '
                'from the archive of the now-defunct DownForce racing forum, '
                'part of a platform utilized by IndyCar. The archive included '
                "forum users' everyday activities and employee login "
                'credentials. The entire DownForce backup, including first and '
                'last names, dates of birth, gender, mailing addresses, '
                'password hashes, security questions, and answers, was '
                'publicly accessible online.',
 'impact': {'data_compromised': ['first and last names',
                                 'dates of birth',
                                 'gender',
                                 'mailing addresses',
                                 'password hashes',
                                 'security questions',
                                 'answers'],
            'systems_affected': 'Rsync Server'},
 'initial_access_broker': {'entry_point': 'Exposed Rsync Server'},
 'post_incident_analysis': {'root_causes': 'Misconfigured Rsync Server'},
 'references': [{'source': 'Cyber Incident Description'}],
 'title': 'Data Breach of DownForce Racing Forum',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Misconfigured Rsync Server'}
Published by
Roshni Ray
Roshni Ray
You might also like
Breach cyber

Dansons

public 1 min read
The breach involved unauthorized access to customer payment information, affecting 19 New Hampshire residents. The compromised information included names, addresses,…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.