Business
Hyundai Motor India fixes bug that exposed customers’ personal data
Hyundai’s India subsidiary has fixed a bug that exposed its customers’ personal information in the South Asian market.
TechCrunch reviewed a portion of the exposed data that included the registered owner name, mailing address, email address, and phone number of Hyundai Motor India customers who have serviced their vehicles at any of the company’s authorized service stations across India. The bug also disclosed vehicle details, including the registration number, color, engine number, and mileage covered.
In a phone conversation on Thursday, Hyundai Motor India spokesperson Siddhartha P. Saikia said the company would provide a statement. When shared by email, the statement said:
“We understand the importance of safeguarding the data of our customers and accordingly strive to create robust systems and processes. Further, these systems get periodically reviewed and updated based on needs. The Repair Order/Invoice link is shared only on the mobile number registered by the customer, once they have opted in to receive such updates. These are system-generated links without any human involvement. Hyundai assures continued efforts to safeguard the interest of the customers.”
Hyundai Motor India did not answer questions about whether it had the technical means, such as logs, to determine any improper access to a customer’s records, nor would the company say if any bad actors exploited the issue.
Security researcher Ashutosh, who preferred not to be named in full, shared the details about the simple bug with TechCrunch. The bug exposed the customer’s personal information through the web links Hyundai Motor India shared with customers over WhatsApp after receiving their vehicles for servicing at an authorized service station.
The web links that redirected customers to the repair orders and invoices in PDF files contained the customer’s phone number. A malicious actor could expose the information of other customers by changing the phone number in the link.
TechCrunch confirmed the researcher’s findings and emailed Hyundai Motor India on December 29. The company responded on January 4. TechCrunch shared the details of the bug with Hyundai Motor India on the same day, and requested Hyundai Motor India fix the bug within seven days due to its simplicity and severity. Hyundai Motor India fixed the bug on Thursday.
Upon receiving the company’s response, TechCrunch confirmed the bug was fixed, and the links in concern were no longer active — redirected to a page giving an error message.
Established in 1996, Hyundai Motor India is among the top three carmakers in the country, alongside Maruti Suzuki and Tata Motors. Hyundai Motor India has a network of over 1,500 service stations in the country. In May, the carmaker announced an investment of $2.45 billion (200 billion Indian rupees) over the next 10 years in the southern Indian state of Tamil Nadu to bolster its plans for electric vehicles.
Indian ride-hailing giant Ola cuts 180 jobs in profitability push
2024 summer TV preview: 33 TV shows to watch this summer
Humanoid robots are learning to fall well
London’s first defense tech hackathon brings Ukraine war closer to the city’s startups
Mark Zuckerberg has found a new sense of style. Why?
TikTok faces a ban in the US, Tesla profits drop and healthcare data leaks
What’s on the far side of the moon? Not darkness.
NASA’s Voyager is in hostile territory. It’s ‘dodging bullets.’
How to watch ‘The Idea of You’: Release date, streaming deals
How Rubrik’s IPO paid off big for Greylock VC Asheem Chandna
NASA discovered bacteria that wouldn’t die. Now it’s boosting sunscreen.
API startup Noname Security nears $500M deal to sell itself to Akamai
US think tank Heritage Foundation hit by cyberattack
How to watch ‘Argylle’: When and where is it streaming?
Tesla drops prices, Meta confirms Llama 3 release, and Apple allows emulators in the App Store
Tesla layoffs hit high performers, some departments slashed, sources say
Meta to close Threads in Turkey to comply with injunction prohibiting data-sharing with Instagram
TechCrunch Mobility: Cruise robotaxis return and Ford’s BlueCruise comes under scrutiny
Former top SpaceX exec Tom Ochinero sets up new VC firm, filings reveal
Consumer Financial Protection Bureau fines BloomTech for false claims
Indian ride-hailing giant Ola cuts 180 jobs in profitability push
2024 summer TV preview: 33 TV shows to watch this summer
Humanoid robots are learning to fall well
London’s first defense tech hackathon brings Ukraine war closer to the city’s startups
Mark Zuckerberg has found a new sense of style. Why?
TikTok faces a ban in the US, Tesla profits drop and healthcare data leaks
What’s on the far side of the moon? Not darkness.
NASA’s Voyager is in hostile territory. It’s ‘dodging bullets.’
How to watch ‘The Idea of You’: Release date, streaming deals
How Rubrik’s IPO paid off big for Greylock VC Asheem Chandna
-
Business6 days agoTesla’s new growth plan is centered around mysterious cheaper models
-
Business7 days agoUnitedHealth says Change hackers stole health data on ‘substantial proportion of people in America’
-
Business5 days agoXaira, an AI drug discovery startup, launches with a massive $1B, says it’s ‘ready’ to start developing drugs
-
Business5 days agoUK probes Amazon and Microsoft over AI partnerships with Mistral, Anthropic, and Inflection
-
Entertainment4 days agoSummer Movie Preview: From ‘Alien’ and ‘Furiosa’ to ‘Deadpool and Wolverine’
-
Business4 days agoPetlibro’s new smart refrigerated wet food feeder is what your cat deserves
-
Business6 days agoTwo widow founders launch DayNew, a social platform for people dealing with grief and trauma
-
Entertainment6 days agoTesla’s in trouble. Is Elon Musk the problem?
