ADVERTISEMENT

BMW dealer at risk of takeover by cybercriminals

By neglecting to set a password, a BMW dealer in India has jeopardized the entire network of car dealerships in the country and put its clients at risk.

bmw india

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Dec 19, 2023 Updated: 20 December 2023 3 min read
BMW India data leak

Cybersecurity neglect puts companies at risk

  • BMW Bird Automotive
  • BMW EVM Autokraft
  • BMW Infinity Cars
  • BMW Krishna Automobiles
  • BMW Munich Motors
  • BMW Navnit Motors
  • BMW Speed Motorwagen
  • BMW Titanium Autos
  • BMW Varsha Autohaus
  • BMW Bavaria Motors
  • BMW Eminent Cars
  • BMW Sanghi Classic
  • BMW OSL Prestige
  • BMW Gallops Autohaus
  • BMW Enterprise BMW
ADVERTISEMENT

API keys exposed

  • Event API: enables communication and information sharing between software programs or services.
  • Testdrive system API: used to interact with clients and handle the testdriving system.
  • Request callback API: enabling third parties to connect with a system or service by requesting a callback.
  • BMW Kun Exclusive Whatsapp support API: used to facilitate communication between businesses and their customers on the messaging platform.
  • Oauth token endpoint
BMW India data leak

Staying safe

  • Investigate access logs to identify whether any threat actors have accessed the exposed sensitive information.
  • Implement multi-factor authentication (MFA) to enhance account security.
  • Implement strict password policies and implement the use of strong, unique passwords.
  • Use encryption and access controls to keep API keys and secrets safe.
  • Regularly rotate keys and secrets to reduce the exposure window.
  • Check API usage for irregularities and suspicious activities.
ADVERTISEMENT