Skip to content
Techzine Global
  • Home
  • Topstories
  • Topics
    • Analytics
    • Applications
    • Collaboration
    • Data Management
    • Devices
    • Devops
    • Infrastructure
    • Privacy & Compliance
    • Security
  • Insights
    • All Insights
    • Agentic AI
    • Analytics
    • Cloud ERP
    • Generative AI
    • IT in Retail
    • NIS2
    • RSAC 2025 Conference
    • Security Platforms
    • SentinelOne
  • More
    • Become a partner
    • About us
    • Contact us
    • Terms and conditions
    • Privacy Policy
  • Techzine Global
  • Techzine Netherlands
  • Techzine Belgium
  • Techzine TV
  • ICTMagazine Netherlands
  • ICTMagazine Belgium
Techzine » News » Security » Private keys and logins BMW were stored in public Azure server
2 min Security

Private keys and logins BMW were stored in public Azure server

Floris Hulshoff PolFebruary 15, 2024 2:28 pmFebruary 15, 2024
Private keys and logins BMW were stored in public Azure server

A misconfiguration of a Microsoft Azure server at BMW leaked sensitive company information. This was discovered by a SOCRadar researcher during a routine Internet scan, reports TechCrunch.

According to TechCrunch, Can Yoleri, a security researcher at SOCRadar, discovered the misconfigured and thus open Azure server of German automotive group BMW. This happened during a routine scan of the internet. The so-called Azure “bucket” was located in BMW’s development environment and was accidentally configured as a public server instead of a private server. This made the information in the bucket readable.

Login credentials for multiple cloud services

In the open Azure bucket, the security researcher found sensitive information, including access information for Azure containers, secret keys to access private bucket addresses and details about other cloud services. More specifically, this would include private keys for BMW cloud services in China, Europe and the U.S. It also involved login details for the automotive group’s production and development databases.

It is unknown how long the bucket in question was open. The security researcher shared his findings with BMW.

Problem partially addressed

BMW indicated that the Azure bucket in question had indeed been open in response to the event. According to a spokesperson, it involved an Azure bucket in the company’s storage development environment. Customer data or other personal information was not leaked.

By early 2024, BMW would have resolved the issue. The company remains alert to possible misuse. The automaker would not comment on how long the bucket in question had been open and did not say whether malicious access to the exposed data had been gained in the meantime.

Researcher Yoleri stated in a reaction that the automotive group still has not revoked or updated all passwords or other login credentials. Thus, the automotive group has only made the Azure bucket private.

More misconfigurations in the automotive industry

By the way, BMW is not the only German automobile manufacturer that has recently inadvertently disclosed company-sensitive data. In January of this year, Mercedes-Benz accidentally left a private GitHub token open that provided unlimited access to company source code.

Read also: Internal data Mercedes-Benz was accessible due to public GitHub token

Tags:

Azure / BMW / Data leak / login credentials / misconfiguration

"*" indicates required fields

Stay tuned, subscribe!

Nieuwsbrieven*
This field is for validation purposes and should be left unchanged.

Related

Dutch researcher discovers Fujitsu blunder: AWS keys and logins in public bucket

IBM: Cloud use makes Europe biggest target of hackers in 2023

Hackers sell data center login credentials of large multinationals

Cloud services Microsoft Azure in Texas were temporarily offline due to extreme weather conditions.

Editor picks

Infoblox turns DNS into cybersecurity’s first line of defense

Infoblox positions DNS as the earliest point of cyber threat preventi...

Apple considered acquiring Mistral AI and Perplexity

Apple is said to have been in talks about the possible acquisition of...

Review: Google Pixel 10 Pro XL – no moonshot

Incremental gains are commonplace among the biggest phonemakers globa...

Red Hat strives for simplicity in an ever more complex IT world

You'd think the IT world would be one that's used to change. Yet inno...

Techzine.tv

Inova Health System's new network infrastructure enhances patient care and staff workflows

Inova Health System's new network infrastructure enhances patient care and staff workflows

"AI puts process modeling on steroids", SAP's Dee Houchen on business process management

"AI puts process modeling on steroids", SAP's Dee Houchen on business process management

What is HPE's Unleash AI program and how does it help companies?

What is HPE's Unleash AI program and how does it help companies?

Slack is evolving into a work operating system

Slack is evolving into a work operating system

Read more on Security

IGEL benefits from seismic VMware and Windows 10 shifts
Top story

IGEL benefits from seismic VMware and Windows 10 shifts

No matter how strong IT security is, cyberattacks are almost impossible to prevent. IGEL argues that endpoint...

Erik van Klinken August 22, 2025
Sophisticated attack hits WhatsApp users

Sophisticated attack hits WhatsApp users

WhatsApp fixed a serious vulnerability that was exploited in a series of attacks in which victims did not nee...

Mels Dees 5 hours ago
Infoblox turns DNS into cybersecurity’s first line of defense
Top story

Infoblox turns DNS into cybersecurity’s first line of defense

Infoblox positions DNS as the earliest point of cyber threat prevention, claiming to block malicious infrastr...

Berry Zwets 9 hours ago
Google refutes reports of major Gmail breach

Google refutes reports of major Gmail breach

Google has attempted to clarify a wave of reports that gave the impression that Gmail had recently experience...

Mels Dees 6 hours ago

Expert Talks

The AI productivity mirage: why leaders are aiming at the wrong target

The AI productivity mirage: why leaders are aiming at the wrong target

In the never-ending quest for developer productivity gains, a new def...

Meeting future workload demands: the case for emerging memory technologies

Meeting future workload demands: the case for emerging memory technologies

It often feels as though memory is an outlier in the technology world...

How AI and automation are redefining ROI in the enterprise

Today’s data and business analysts are equipped with a wide array o...

Enhancing video encoding: The AV1 support in the new ARTPEC-9 System-on-Chip

In an era where video security and digital technologies are evolving ...

Tech calendar

NULLCON Berlin 2025

September 4, 2025 Courtyard By Marriott, Berlin City Center

bit summit

September 4, 2025 Hamburg

GITEX DIGI_HEALTH 5.0 - Thailand

September 10, 2025 BITEC Bangkok, Thailand

VeeamON Tour 2025

September 18, 2025 Driebergen-Rijsenburg

IT Arena

September 26, 2025 Lviv, Ukraine

Innovation Week 2025

October 9, 2025 Prague

Whitepapers

Experience Synology’s latest enterprise backup solution

Experience Synology’s latest enterprise backup solution

How do you ensure your company data is both secure and quickly recove...

How to choose the right Enterprise Linux platform?

How to choose the right Enterprise Linux platform?

"A Buyer's Guide to Enterprise Linux" comprehensively analyzes the mo...

Enhance your data protection strategy for 2025

The Data Protection Guide 2025 explores the essential strategies and...

Strengthen your cybersecurity with DNS best practices

The white paper "DNS Best Practices" by Infoblox presents essential g...

Techzine Global

Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.

Follow us

Twitter
LinkedIn
YouTube

© 2025 Dolphin Publications B.V.
All rights reserved.

Techzine Service

  • Become a partner
  • Advertising
  • About Us
  • Contact
  • Terms & Conditions
  • Privacy Statement