Automakers trying to keep their trade secrets from unwanted eyes saw those efforts hurt after a security researcher found tens of thousands of corporate documents sitting on the internet for anyone to access.
According to a report in The New York Times, the information included data from greater than 100 companies that had interacted with Level One Robotics and Controls out of Canada. The New York Times reported that some of the documents include blueprints and factory layouts, client materials including contracts and nondisclosures agreements. “That was a big red flag,” said Chris Vickery, the researcher who found the data in the NYT report. “If you see NDAs, you know right away that you’ve found something that’s not supposed to be publicly available.” The paper noted that it’s not clear if anyone else saw the documents. Level One was alerted by the researcher and the information was taken offline. The research was able to find Level One’s data through a backup server that didn’t require a password or special access permissions. That means anyone who connected could access and download the data totaling 157 gigabytes and 47,000 files. The data included information from Fiat Chrysler, Ford, General Motors, Tesla, Toyota and Volkswagen.
According to the NYT, the latest breach in data underscores a trend in which some of the largest breaches happened because of suppliers and contractors who were hacked. It pointed to an incident in 2013 in which hackers breached Target’s payment terminals and stole credit card data on millions of customers. The attackers hacked a heating and ventilation contractor of Target to find an entrance into the Target network. In June, Ticketmaster’s payment information was stolen from thousands of customers in a breach it blamed on software provided by Inbenta, which operates customer service chatbots for Ticketmaster. Meanwhile, Ponemon Institute found 56 percent of business polled in 2017 said they had a data breach linked to a vendor. “It’s relatively recently that C-level executives have begun to acknowledge that some of their third-party relationships are creating unbelievable risk,” said Larry Ponemon, the research firm’s founder, in the report.