Threat actor xpl0itts claims their earlier BMW IDOR and document breach has expanded significantly through collaborations with DarkRomance, teamPCP, and another group, with exfiltration still ongoing. They report tens of thousands of employee and customer PII records, VINs, Kubernetes and configuration data, an IDOR exploit for sale, and data from Mazda, Toyota, Audi, Ford, and 32 additional automakers.
Key points
- xpl0itts claims the BMW IDOR/document breach has expanded and that data exfiltration is still ongoing, with collaborators DarkRomance and teamPCP.
- Tens of thousands of employee and customer PII records were reportedly stolen, including full names, addresses, vehicle information, and VINs.
- Exfiltrated technical data includes Kubernetes (K8s) infrastructure, internal configuration files, API data, and extensive dealer subdomain mapping.
- The original IDOR exploit is advertised for sale, and initial access vectors reportedly included file upload and IDOR vulnerabilities across portals.
- Claimed access now encompasses data from Mazda, Toyota, Audi, Ford, and 32+ additional automakers, plus multi-brand PII and internal chats.