Last week, researchers found a vulnerability on the official website of the American car giant Ford Motor Company. This vulnerability provided easy access to sensitive systems, customer databases, employee information and many other detailed records.
Discovered by Robert Willis and break3r, this vulnerability was later tested by the hacker group Sakura Samurai, and it turned out that the source of the issue was a flaw in the CRM software.
Ford took 6 months to acknowledge this vulnerability
The hacker group called HackerOne is not a malicious group that demands ransom after hacking large companies. On the contrary, they check whether the websites of large companies such as Ford have any vulnerabilities, and in return they receive an incentive or reward (if any).
According to the head of the group, John Jackson, Ford did not care much about this vulnerability on the website. Jackson and his colleagues emailed Ford in February about the vulnerability they had identified, stating that extremely valuable information, including customer and employee records and financial account numbers, was exposed, but they did not receive any tangible response from Ford.
Sakura Samurai, so that Ford can realize this without breaking the law. After a wait of exactly 6 months, the company, which holds thousands of valuable records, finally took a step toward addressing the vulnerability.
American car giant Ford has described the findings sent by the hacker group as “private findings” and said that it will not make a public statement about the matter. According to the information given, Ford quickly began working to take the system offline and fix the problem after receiving the findings.