KELA, a darknet intelligence firm, discovered that the hacker group “KelvinSecurity” compromised the personal information of 384,319 BMW customers in the U.K. and put it up for sale on various darknet forums, SC Magazine reported.
The hacker group claimed that it obtained the BMW database from a call center that handles customer information for various automobile brands. The stolen database contains over 500,000 customer records dated between 2016 and 2018 and also affects U.K. owners of cars from other manufacturers, including Honda, Mercedes, SEAT, and Hyundai.
The exposed BMW owners’ data included sensitive information such as surnames, email IDs, vehicle registration numbers, residential addresses, dealer names, car registration information, and names of dealerships. KELA also discovered multiple databases exposed by KelvinSecurity, including data related to U.S. government contractors and Russian military weapons development. The hacker group also exposed over 28 databases on various darknet forums for free, affecting organizations in Iran, Australia, Mexico, the U.S., Sweden, Indonesia, and France.
OceanLotus Targets BMW
Earlier, the notorious APT hacker group “OceanLotus” compromised BMW’s network systems and installed a hacking tool known as “Cobalt Strike” to spy on and control them. According to a research report from Bayerischer Rundfunk, the attack was traced back to state-sponsored hackers from Vietnam. Security analysts from BMW stated that they identified the hackers’ penetration into the company’s network.
BMW took down the compromised computers and blocked the path the hackers had used to penetrate the network. To get access to other computers, the hackers created a fake website that gave the impression of belonging to the BMW branch in Thailand, so that they could monitor networks and find out which folders and files users had logged in to. The report also claimed that the hackers behind the BMW attack targeted the South Korean automotive manufacturer Hyundai.