BMW car owners’ data leak: Names, addresses, vehicle numbers etc. on sale on the dark web

A group of cybersecurity specialists has revealed an interesting finding related to automotive firm BMW and its customers in the UK. According to the researchers, a hacking group identified as KelvinSecurityTeam published a database extracted from the bmw.com domain containing records of more than 380,000 of the company’s customers.

Apparently, the information contained in this database includes details such as names, telephone numbers, addresses, email addresses and vehicle numbers, among other data. This group of hackers recently gained notoriety for selling databases from at least 16 companies, including business consulting firm Frost & Sullivan.

After the hackers revealed this information, cybersecurity specialists from all over the world began to delve into the incident, finding interesting data. Although cybercriminals claimed that the information was extracted directly from the automotive company, these records actually come from BMW dealerships in the UK, or from call centers that serve multiple automotive companies.


Researchers also found that the compromised database contains 500,000 records and not only exposes BMW customer data, but also includes customer details from other firms such as Honda, Hyundai, Mercedes and Seat, among others. According to the information obtained, this data was reportedly collected between 2016 and 2018.

In late 2019, a group of Vietnamese hackers was discovered attacking the computer infrastructure of companies such as BMW and Hyundai, using a hacking tool known as “Cobalt Strike” on attacked machines for espionage purposes. Investigators still cannot determine whether there is a link between the two incidents.

This is not the only possible explanation. Cybersecurity experts mention that a group of Chinese government-sponsored hackers could be behind this incident. Rather than espionage, the motivation of this group could be purely financial. So far, none of the companies allegedly affected has commented on this.

Cybersecurity specialists recommend that customers of affected companies contact their dealers to request further reports of the incident. Companies are expected to notify the UK Information Commissioner’s Office (ICO) for further investigation.

The hackers of “KelvinSecurityTeam” are involved in multiple security incidents related to the theft of information and its sale on the dark web, so experts fear that the information of affected users will appear on some hacking forum on the dark web.