Production processes, technical specifications, schematics and supplier contracts were all part of a 157-gigabyte treasure trove of automotive OEM information that was recently found unprotected.
Chris Vickery is a security researcher who works for cyber security firm Upguard. The company specializes in finding and exposing lapses in on-line security.
He discovered the unsecured server containing sensitive information from carmakers that include Fiat Chrysler, Ford, General Motors, Tesla, Toyota and Volkswagen. The data spanned more than 10 years.
While we’re not sure who would be interested in Tesla’s production strategies, what is known is that the nearly 47,000 sensitive documents and 100 companies impacted by the unprotected server had one common thread: a working relationship with a Canadian firm named Level One Robotics and Controls.
Just as the name would suggest, the firm specializes in designing automation processes for automakers and affiliated suppliers. Vickery reportedly found the data on one of Level One’s backup servers that wasn’t password-protected. So no “hacking” was required. It was basically just finding the location of the folders and related documents.
According to Level One, it was “extremely unlikely” that someone could have stumbled across the server to view, download or change this data. The leaked documents were also reported to contain employee data, such as scans of driver’s licenses and passports.
Although no customer data was made public, Level One took down the information as soon as it heard about the breach from Vickery.