Unlike other automakers, Hotai Motor has made a concerted effort to privately retain customer data through its car rental and carshare unit, iRent. However, this policy backfired when a security researcher found the personal data of thousands of customers online last week. Hotai Motor quickly released an apology and vowed to tighten up its data retention policies in the future.
According to reports, Foxconn took a week to respond to the student’s initial complaint about wage theft. This delay was due in part to the intervention of Taiwanese officials, who asked for a more rapid response.
Hotai Motor controls a large financial holdings company, Toyota distributor, and popular auto service app. With its expansive reach, it can provide various services to its customers.
Car rental companies are always looking for new and innovative ways to keep their users happy. One way that iRent has done this is by providing a variety of car rental services, including short-term rentals, long-term rentals, and car sharing. Additionally, iRent has made it easy for users to
The site was only accessible from the internet after being left exposed by a careless employee, and could have been exploited by criminals looking to burglary or identity theft. Sen warns potential iRent customers that their personal information may be at risk and advises them to keep tabs on their credit rating and security measures in general.
The iRent customer data was not password-protected, which makes it easy for anyone on the internet to access it. However, since the database was not protected with encryption, it is possible for iRent to track and collect user activity data without their knowledge.
Sen said that the exposed database contained partial credit card numbers and customer identification documents, as well as selfies and signatures. He added that the database may have also included information on rental vehicles.
The exposed databases are a treasure trove of valuable data that could be used by criminals and foreign adversaries. The vast amount of data contained in the databases could be leveraged to gain an edge in various markets, including cybersecuritysector.
With Hotai Motor’s exposed customer database, hackers could have stolen personal information such as birth dates and addresses. This information could be used to commit identity theft or hack into other peoples’ accounts.
Taiwan’s Ministry of Digital Affairs has confirmed that an exposed iRent database was flagged with TWCERT/CC, and within an hour the database became inaccessible. The exposed data included personal information on over 34,000 tenants in Taiwan. While it is not yet clear how the security lapse occurred, it is likely that a careless employee failed to properly secured the database.
Hotai Motor has confirmed that data from customers was exposed after their IP address was hacked. The company is working to inform those whose data was compromised and apologize for the inconvenience caused.
It is not clear what other individuals found the database during its nine month period of spilling data. What is known is that Sen was one individual who discovered the dataset and reported it to authorities. This illustrates just how important it is for individuals to report any information they discover that could be related to a cyber attack or data leak.
Recent reports suggest that car rental companies are still struggling to keep their customers’ data safe. In October 2017, Hertz accidentally leaked the personal data of 36,000 customers. France’s national data protection authority fined Hertz France €40,000 at the time because the data was found to be easily accessible online. Recently, it was discovered that another car rental company—Avis—has been transmitting customer location information without their consent since at least May 2014. This raises serious concerns about the safety and privacy of both Avis’s customers and its own employees.
