Jump to content

Test data leak from ABRP server


Yesterday (April 20th 2021) we became aware that one of our development servers - not used for the public ABRP service - had been attacked by somebody who deleted data from one of the databases and requested a ransom to give it back, or else expose it. The test database was exposed due to a human mistake.

The data in the database consisted of randomly selected anonymous vehicle live data recordings. The data was collected from actual drives or charging sessions,  and contains location, speed, SoC, power, weather data and car model. 

The leaked data does NOT contain any personal data - only pure, anonymous vehicle data. It does NOT contain any names, vehicle identity numbers, credit card numbers, passwords, e-mail addresses, live data tokens (from e.g. Tesla) or anything else that could cause damage if published.

ABRP takes your privacy and data security very seriously. We have designed our systems and databases in a way to minimize risk and damage in case of, e.g. a hacker attack. Our production servers (used for our public service) are protected in the best way we can with very restricted access. 

We have taken and will continue to take necessary actions to make sure this does not happen again.

Bo and the ABRP team

2 Comments


Recommended Comments

Guest DaveD

Posted

Strange that I had an unrequested password reset email a couple of days ago....

Link to comment

We had no personal data at all in that database, so we would have to assume that that password reset email was a coincidence. If you want we can investigate the logs for you and see what/who triggered it?

Link to comment
Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...