autoevolution
 

Hackers Claim They Breached Ford and Stole Customer Data, Ford Says "Not Really"

Ford says it found no evidence of a breach of its systems 24 photos
Photo: Bogdan Popa/autoevolution/Ford
Ford F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle CenterFord F-150 Lightning production at the Rouge Electric Vehicle Center
Two hackers recently shared details of what they claimed was a sample of a database stolen from Ford. The database allegedly included the personal information of 44,000 customers, including their names, physical addresses, and the cars and accessories they purchased.
The two hackers, IntelBroker – already famous for high-profile targets – and EnergyWeaponUser, turned to an online forum to publish the alleged sample. They didn't share information about an attack, but they claimed the database was stolen from Ford, and it included the information of thousands of customers.

Ford immediately started an investigation but eventually determined that the hack wasn't actually a hack. The sample did not include information on Ford customers but a list of dealerships and only mentioned their addresses.

In other words, no sensitive information was in the allegedly stolen database, as the dealership information is already publicly available, and anyone can find it with a simple Google search. Reports indicated that the published information looked like it was indeed obtained from a database, but Ford said the alleged breach didn't target its network; it only affected a third-party supplier.

The carmaker explained that the data obtained by hackers was a "small batch of publicly available dealers' business addresses." The issue has already been resolved, Ford said, so the third-party supplier that exposed the database has patched the security flaw.

Otherwise, there's nothing to worry about, as no customer data was involved.

The hackers didn't reveal any information about the breach, but most often, bad actors target carmakers and high-profile companies using ransomware infections. These malicious payloads encrypt the contents of the exposed systems with an encryption key that can only be obtained by paying the hackers a ransom. Companies can also regain access to their computers by restoring backups, though the procedure takes time, and it assumes that IT departments previously created backups of all affected systems.

Volkswagen was the previous alleged target of hackers, with ransomware gang 8Base claiming to have breached its servers in September and obtaining access to what the bad actors described as "a huge amount of confidential information." The hackers claimed they were in possession of sensitive information like employee contracts, personal data, invoices, and accounting documents. Confidentiality agreements were also said to be included in the stolen databases.

The German carmaker investigated the claims, and like Ford, it found nothing concerning. Volkswagen said it found no evidence of hackers breaching its IT infrastructure, albeit the company admitted that it often receives such threats, taking each seriously. However, carmakers seem to be targeted more often by fake threats, possibly in an attempt to gain more fame and exposure, as stealing the personal information of customers who bought cars is often a sensitive matter that rapidly makes the news.
If you liked the article, please follow us:  Google News icon Google News Youtube Instagram
About the author: Bogdan Popa
Bogdan Popa profile photo

Bogdan keeps an eye on how technology is taking over the car world. His long-term goals are buying an 18-wheeler because he needs more space for his kid’s toys, and convincing Google and Apple that Android Auto and CarPlay deserve at least as much attention as their phones.
Full profile

 

Would you like AUTOEVOLUTION to send you notifications?

You will only receive our top stories