Toyota Confirms Breach After Stolen Data Leaks On Hacking Forum

Toyota confirmed a breach of its network after 240GB of data, including employee and customer information, was leaked on a hacking forum by a threat actor. The company has not provided details on how or when the breach occurred. BleepingComputer reports: ZeroSevenGroup (the threat actor who leaked the stolen data) says they breached a U.S. branch and were able to steal 240GB of files with information on Toyota employees and customers, as well as contracts and financial information. They also claim to have collected network infrastructure information, including credentials, using the open-source ADRecon tool that helps extract vast amounts of information from Active Directory environments.

“We have hacked a branch in United States to one of the biggest automotive manufacturer in the world (TOYOTA). We are really glad to share the files with you here for free. The data size: 240 GB,” the threat actor claims. “Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network infrastructure, Emails, and a lot of perfect data. We also offer you AD-Recon for all the target network with passwords.” While Toyota hasn’t shared the date of the breach, BleepingComputer found that the files had been stolen or at least created on December 25, 2022. This date could indicate that the threat actor gained access to a backup server where the data was stored. “We are aware of the situation. The issue is limited in scope and is not a system wide issue,” Toyota told BleepingComputer. The company added that it’s “engaged with those who are impacted and will provide assistance if needed.”

Read more of this story at Slashdot.

National Public Data Published Its Own Passwords

Security researcher Brian Krebs writes: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers and in some cases email addresses for more than 272 million people (including many who are now deceased). NPD acknowledged the intrusion on Aug. 12, saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company’s database, which they claimed has been floating around the underground since December 2023.

Following last week’s story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property — the background search service recordscheck.net — was hosting an archive that included the usernames and password for the site’s administrator. A review of that archive, which was available from the Records Check website until just before publication this morning (August 19), shows it includes the source code and plain text usernames and passwords for different components of recordscheck.net, which is visually similar to nationalpublicdata.com and features identical login pages. The exposed archive, which was named “members.zip,” indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not. According to the breach tracking service Constella Intelligence, the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD’s founder, an actor and retired sheriff’s deputy from Florida named Salvatore “Sal” Verini.

Reached via email, Mr. Verini said the exposed archive (a .zip file) containing recordscheck.net credentials has been removed from the company’s website, and that the site is slated to cease operations “in the next week or so.” “Regarding the zip, it has been removed but was an old version of the site with non-working code and passwords,” Verini told KrebsOnSecurity. “Regarding your question, it is an active investigation, in which we cannot comment on at this point. But once we can, we will [be] with you, as we follow your blog. Very informative.” The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment. CreationNext.com’s homepage features a positive testimonial from Sal Verini.

Waymo’s New Robotaxi Will Feature Fewer Sensors To Help Lower Costs

Waymo has unveiled its sixth-generation robotaxi, an electric minivan made by Chinese automaker Zeekr. While the company claims it’s more advanced than previous generations, it features fewer sensors to help reduce costs. The Verge reports: [W]ithin its high-powered computer, it contains all the learnings of the previous five generations of Waymo’s autonomous vehicles, meaning it won’t have to do as much real-world testing as past models before it can be rolled out to the public. But looming over Waymo’s assertion that its new robotaxi will be cheaper to produce is the possibility that it could also be subject to costly new tariffs against Chinese-made electric vehicles. Earlier this year, the Biden administration said it would quadruple tariffs on EVs from China to 100 percent, from the current 25 percent, as a way to “protect American workers and American companies from China’s unfair trade practices.” […]

Waymo says the sixth-gen robotaxi will feature a streamlined sensor suite of “16 cameras, 5 lidar, 6 radar, and an array of external audio receivers (EARs).” These sensors will help provide “overlapping fields of view, all around the vehicle, up to 500 meters away, day and night, and in a range of weather conditions.” That’s the equivalent of over five football fields of visible range. Waymo’s use of multiple sensors is important for redundancy, in which multiple sensors and cameras can ensure the vehicle can continue to detect and respond to its surroundings if something fails. It’s unclear where and when the new sixth-gen robotaxis will first appear. “Waymo currently operates in Phoenix, San Francisco, and Los Angeles, with plans to launch commercial service in Austin, Texas,” notes the report. “The company has been manually testing the Zeekr-made minivans on public roads, with the goal of adding them to its commercial fleet sometime soon.”

India’s Influencers Fear a New Law Could Make them Register with the Government

It’s the largest country on earth — home to 1.4 billion people. But “the Indian government has plans to classify social media creators as ‘digital news broadcasters,’” according to the nonprofit site RestofWorld.org.

While there’s “no clarity” on the government’s next move, the proposed legislation would require social media creators “to register with the government, set up a content evaluation committee that checks all content before it is published, and appoint complaint handlers — all at their own expense. Any failures in compliance could lead to criminal charges, including jail term.”

On July 26, the Hindustan Times reported that the government plans to tweak the proposed Broadcasting Services (Regulation) Bill, which aims to combine all regulations for broadcasters under one law. As per a new version of the bill, which has been reviewed by Rest of World, the government defines “digital news broadcaster” as “any person who broadcasts news and current affairs programs through an online paper, news portal, website, social media intermediary, or other similar medium as part of a systematic business, professional or commercial activity.”

Creators and digital rights activists believe the potential legislation will tighten the government’s grip over online content and threaten the last bastion of press freedom for independent journalists in the country. Over 785 Indian creators have sent a letter to the government seeking more transparency in the process of drafting the bill. Creators have also stormed social media with hashtags like #KillTheBill, and made videos to educate their followers about the proposal.

One YouTube creator told the site that if the government requires them to appoint a “grievance redressal officer,” they might simply film themselves, responding to grievances — to “make content out of it”.

Apple is Building Its Own Cellular Modem, Playing ‘Long Game’ to Drop Qualcomm

Bloomberg’s Mark Gruman remembers how Apple’s hardware group “allowed Apple to dump Intel chips from its entire Mac lineup.”

And they’re now building an in-house cellular modem:

For more than a decade, Apple has used modem chips designed by Qualcomm… But in 2018 — while facing a legal battle over royalties and patents — Apple started work on its own modem design…. It’s devoting billions of dollars, thousands of engineers and millions of working hours to a project that won’t really improve its devices — at least at the outset…
Over the past few years, Apple’s modem project has suffered numerous setbacks. There have been problems with performance and overheating, and Apple has been forced to push back the modem’s debut until next year at the earliest. The rollout will take place on a gradual basis — starting with niche models — and take a few years to complete. In a sign of this slow transition, Apple extended its supplier agreement with Qualcomm through March 2027… But Qualcomm has said that Apple will still have to pay it some royalties regardless (the chipmaker believes that Apple won’t be able to avoid infringing its patents).

So it’s hard to tell how big the benefits will be in the near term. Down the road, there are plans for Apple to fold its modem design into a new wireless chip that handles Wi-Fi and Bluetooth access. That would create a single connectivity component, potentially improving reliability and battery life. There’s also the possibility that Apple could one day combine all of this into the device’s main system on a chip, or SoC. That could further cut costs and save space inside the iPhone, allowing for more design choices. Furthermore, if Apple does ultimately save money by switching away from Qualcomm, it could redirect that spending toward new features and components.
