security

Ministry blocks access to exposed iRent user database – 台北時報


NO PASSWORD:
The data of 100,000 users of the platform might have been accessible since May, a security researcher told a US tech Web site

The Ministry of Digital Affairs has blocked access to a database that contained the personal information of up to 100,000 iRent users, after it was found that the data were unprotected, a senior ministry official said yesterday.

The statement came after US Web site TechCrunch on Tuesday reported that a database containing iRent data “was inadvertently accessible from the Internet.”

It was on a cloud server owned by Taiwanese automotive conglomerate Hotai Motor Co, it said.

Photo: Cheng Wei-chi, Taipei Times

“Because the database was not password-protected, anyone on the Internet could access the iRent customer data just by knowing its IP address,” the report said.

The databank contained the names, mobile phone numbers, e-mail addresses, home addresses, drivers’ license photographs and partly redacted payment card information of customers of iRent, a vehicle rental and sharing platform.

TechCrunch said security researcher Anurag Sen discovered the exposed database, adding that it had reviewed part of it and confirmed Sen’s findings.

It said it sent several e-mails to Hotai Motor about the exposed database, but did not receive a reply.

It said it also contacted the ministry, which took action to deal with the situation.

Deputy Minister of Digital Affairs Lee Huai-jen (李懷仁) confirmed that Minister of Digital Affairs Audrey Tang (唐鳳) was informed about the exposed databank by a foreign media organization during the Lunar New Year holiday.

Readers Also Like:  NSA, already one of city's largest tech employers, staffing up in San ... - San Antonio Express-News

Tang referred the case to the Taiwan Computer Emergency Response Team Coordination Center, a unit operated by the ministry-affiliated Taiwan Network Information Center, because it was an information security incident involving a private company, Lee said.

The center blocked outside access to the database, he added.

Hotai Motor’s mobile services unit said in a statement that it had addressed the exposed database “at the first moment” and reinforced its security.

A full-scale check of related systems and an investigation into the case shed light on the possible impact of the data spillage, the company said, without elaborating.

Security checks on the iRent system have been conducted regularly, it said, adding that iRent transactions are protected under the Secure Sockets Layer protocol.

Chinese-language media reported that iRent has nearly 1.4 million members and that the company hopes to raise that number to 1.8 million this year, while increasing the number of vehicles from 2,000 to 9,000.

The TechCrunch report cited Sen as saying that the exposed database contained millions of partial credit card numbers and at least 100,000 customer identification documents, as well as selfies, signatures and rental vehicle details.

It also said the database had been unprotected since May last year, adding that it was unclear whether any unauthorized party had accessed it.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

Readers Also Like:  How ubiquitous keyboard software puts hundreds of millions of Chinese users at risk - MIT Technology Review



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.