PL RU
Contact

By the end of July The Register have informed about a massive 157 GB data leak. The exposed data was mostly a confidential document of most well known manufacturing companies such as Tesla, Volkswagen, General Motors, Toyota and Ford. The fault was a weak security in one of the robots on the assembly line which belonged to Level One Robotics (LOR) company.

All of the data was on the server runned by LOR to which everyone could easily enter without the need of the password but only giving an IP address of the server. Leaked data included documents from over 10 years containing factory floor layouts, assembly line details and robotic configurations. Additionally, massive amount of data including confidential employees details: ID badges, scans of driving licences, passports and NDAs. Above all, there were also invoices, bank details and contracts.

A security hole was discovered by the company called UpGuard which then contacted the operator and owner of the assembly line machines in manufacturing companies. The data was exposed via rsync, a common file transfer protocol used to backup large data sets. You didn't need to enter any password to get access, therefore, each user knowing only IP address was able to access data from Level One Robotics servers. The whole process was described in details on UpGurard blog where they also included samples of documents. The leak was especially sensitive for the manufacturing companies because of the all information considering factory details. Mechanisms, specific machinery or factory layouts were extremely valuable information.