Companies spend large sums to ensure that their trade secrets remain secrets, especially when each of their products costs thousands of dollars. But a security researcher has revealed that the confidential information of more than 100 manufacturing companies, including major automakers such as GM, Tesla, and Volkswagen, has been left publicly exposed by another company which serves them.
UpGuard Cyber Risk’s chief Chris Vickery found that this information was easily available on the servers of Canadian robotics company Level One Robot And Controls. Level One provides and tunes assembly line robots which help companies speed up production. The exposed data includes “tens of thousands of sensitive corporate documents”, reports the New York Times.
These sensitive documents include blueprints and other schematics related to the floorplans of factories and different types of assembly robots employed by these manufacturers. The researcher also found other documents such as client contracts, product development plans, invoices, and many non-disclosure agreements which point towards the sensitivity of the information, which lay exposed and unprotected.
The exposed data also contained personal information about Level One employees such as their passports and driver’s licenses. Vickery, who reported the issue to the company last week, says that he was unsure whether the information was seen or even downloaded by anyone previously.
The researcher identified that rsync, a file transfer protocol which is used to back up large databases, was at the root of the problem. He suggests that rsync datasets should be restricted by IP addresses and also protected by an authentication measure. In all, the exposed pile of data was massive at 157GB and contained sensitive information from as early as ten years ago. After the report, Level One took the data offline to prevent any data breach in the future, but what could have happened in the past still remains hazy.
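On an rsync daemon, the two controls recommended above correspond to the `hosts allow` and `auth users` module parameters in `rsyncd.conf`. The following auditor is an added example, not code from the original report or from Level One: the sample configuration is constructed, and treating `*`, `0.0.0.0/0` and `::/0` as "open to all" is an assumption of this check.

```python
# Added example: flag rsyncd.conf modules missing IP restriction or auth.
SAMPLE_CONF = """\
# constructed sample, not Level One's configuration
secrets file = /etc/rsyncd.secrets
[backups]
    path = /srv/backups
    read only = yes
[cad]
    path = /srv/cad
    hosts allow = 192.0.2.0/24
    auth users = backupsvc
"""

# Assumption of this check: these values mean "any client".
OPEN_TO_ALL = {"*", "0.0.0.0/0", "::/0"}

def parse_modules(text):
    """Return {module: params}; global parameters act as module defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            modules[current] = dict(defaults)
        elif "=" in line:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())  # normalise "hosts  allow"
            target = defaults if current is None else modules[current]
            target[key] = value.strip()
    return modules

def audit(text):
    """Return {module: [issues]} for modules lacking either control."""
    findings = {}
    for name, params in parse_modules(text).items():
        issues = []
        allow = params.get("hosts allow", "")
        if not allow or set(allow.replace(",", " ").split()) & OPEN_TO_ALL:
            issues.append("no IP restriction (hosts allow)")
        if not params.get("auth users"):
            issues.append("no authentication (auth users)")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

In the sample, only the `backups` module is reported; `cad` passes because it sets both parameters.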