And if there haven’t been enough recent data incidents involving car manufacturers and their vendors, here’s a leak to give wannabe criminals some additional details that they might be able to use in a phishing or social engineering campaign. WebsitePlanet reports:
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 5.1 million files totaling 10 TB. These included powers of attorney, vehicle registrations, estimates, repair invoices, and images of damaged vehicles with visible license plates and VIN numbers.
The publicly exposed database was not password-protected or encrypted. It contained 5,170,256 files and images. In a limited sampling of the exposed files, I saw insurance documents that contained names, physical addresses, phone numbers, and emails. I also saw registration documents that contained PII and additional details about the vehicle (including VIN number, year, make, model, and more).
The database also contained just under 16,000 powers of attorney documents, which bestow the named grantee the legal authority to purchase, transfer, and assign title for the specific motor vehicle on behalf of the owner. Alternatively, they could delegate that authority to someone else to apply for a title, registration, or certified copy of the title. These documents were signed electronically and included the IP addresses of the individuals who signed them. Additionally, the database contained internal documents, such as software license agreements, indicating the terms, fees, and other information that should not be publicly exposed.
Read more at Website Planet.