Friendly hackers save Ford from potential leak of employee, customer data

Ford Motor Co. has kept both customer and employee records safe from leaking after cybersecurity researchers alerted the automaker that its internal system, filled with sensitive proprietary information, was not secure against hostile forces, the Free Press confirmed Tuesday.

“Based on evidence provided to Ford and our internal investigation, we don’t believe any sensitive personal information about employees or customers was accessed or compromised in this instance, which was identified and addressed nearly six months ago,” Ford spokesman T.R. Reid said. “The safety and trust of customers and employees is a top priority for our Ford cybersecurity team and processes.”

Cybersecurity experts, widely considered friendly hackers globally, identified the issues of concern in the first quarter of 2021.

‘Once the situation is safe’

But the company had never officially stated whether or not the system had a data breach, said Ax Sharma, a London-based cybersecurity expert who has been writing about the incident. “They’ve waited a whole six months to disclose this. Having data breach or not, that’s not the point. You usually make the findings public on HackerOne, a platform that lets researchers report things to companies, once the situation is safe.”

HackerOne calls itself a bug bounty computer platform that connects businesses with cybersecurity researchers. Researchers correspond with HackerOne and they bring closure to the situation so that others may learn, Sharma explained.

“There never has been an official disclosure by Ford. They went silent,” Sharma told the Free Press during a phone interview from London, England.

Urgent alert

The Dataminr news alert system on Sunday night said the Ford website had allowed online security “researchers” access to confidential company records, databases, and confidential customer information.

The blog databreaches.net, which describes itself as a news aggregation, investigation and commentary site created in 2009, warned the Ford system was so vulnerable that it also allowed for “account takeovers.”

“A bug on Ford Motor Company’s website allowed for accessing sensitive systems and obtaining proprietary data, such as customer databases, employee records, internal tickets,” according to bleepingcomputer.com, an information and technology news website based in Melville, New York.