WINDSOR, ONTARIO—A misconfigured data transfer server left sensitive data from big name car makers and their employees wide open to the Internet earlier this month, a security vendor has revealed. Itnews.com reports that documents belonging to more than 100 manufacturing companies were exposed on a publicly accessible server belonging to Level One Robotics, which is an engineering service provider that specialises in automation process and assembly for OEMs, Tier 1 automotive suppliers and end-users.
Among the companies whose data was exposed were divisions of Volkswagen, Chrysler, Ford, Toyota, General Motors, Tesla and ThyssenKrupp.
There was no indication that any of the data had been accessed by third parties.
The data was found on July 1, and after Level One was informed on July 9, the site was secured the following day. The data was exposed through the improper use of rsync, a common file transfer protocol used to mirror or back up large datasets. The rsync server was not restricted by IP or user and any rsync client that connected to the rysnc port could download the data.
Exposed customer data includes factory plans, assembly line and factory schematics, robot configurations, identity badge requests and virtual private networking access forms, along with non-disclosure agreements. Some employee and level one data was also exposed.