Tech

Hotai Motor reveals thousands of iRent customer documents TechCrunch

Taiwanese auto conglomerate Hotai Motor disclosed a slew of personal customer data from its car-sharing and rental unit, iRent, until a security researcher found the data online on last week.

Even then, it took the company a week — and the intervention of the Taiwanese government — to act.

Hotai Motor is one of the largest financial holding companies in Taiwan, and is also Toyota’s distributor in Taiwan. iRent is a popular car service app, acquired by Hotai in 2022, that allows customers to pay by the hour to rent cars that can be found floating freely or at a warehouse.

I rent report has over 1.1 million registered cars and 580,000 iRent users.

security researcher Anurag Sen discovered a database containing partially edited full names, mobile phone numbers and email addresses, home addresses, driver’s license photos and payment card details of iRent customers on a cloud server owned by Hotai that is inadvertently accessible from the Internet.

Since the database is not password protected, anyone on the internet can access iRent customer data just by knowing its IP address.

Sen said the exposed database also contained millions of credit card numbers and at least 100,000 customer identification documents, as well as selfies, signatures and rental car details.

TechCrunch reviewed part of the leaked data and confirmed Sen’s findings. Internet records by Shodan, a search engine for exposed devices and databases, show that the database leaked data from May 2022 and contained about 4.2 terabytes of data at the time. point it is confidential.

TechCrunch sent several emails this week to Hotai Motor with details about the exposed database, but we received no response. Meanwhile, the database is always updating new customer data in real time.

On January 28, TechCrunch then contacted Taiwan’s Ministry of Digital, the country’s government agency that regulates and oversees the internet and telecommunications, for help in disclosing the security flaw. for company. In an emailed response, Taiwan’s Minister for Digital Affairs Audrey Tang told TechCrunch that the exposed database was flagged with Taiwan’s national computer emergency response team, known as TWCERT/CC. Within an hour, the iRent database was exposed and inaccessible.

A short time later, Hotai Motor confirmed that the database was secure. “We blocked external connections to this IP immediately.” Hotai said it will notify customers whose data has been exposed.

It is unclear if anyone else, other than Sen, found the database during the nine months of the leaked data.

This is not the first time a car rental company has compromised the data of its own customers. Back in 2017, Hertz accidentally leaked the personal data of 36,000 customers. France’s National Data Protection Authority Hertz France fined €40,000 at the time because the data was supposed to be easily accessible online.



Source by [author_name]

news7h

News7h: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button