Home » News » Hotai Motor, a Taiwanese automotive company, exposed reams of personal customer data from its automobile rental and carshare arm, iRent.

Hotai Motor, a Taiwanese automotive company, exposed reams of personal customer data from its automobile rental and carshare arm, iRent.

January 31, 2023 By Jozeph P
(Image Credit Google)
Hotai Motor, a leading Taiwanese financial holding company, released reams of customer data from its car rental and the car-sharing unit, iRent, until a security researcher discovered the data last week. Toyota is its distributor in Taiwan. Hotai acquired iRent in 2022. The app allows customers to rent cars at a depot or free-floating, and it has over 1.1 million registered cars and 580,000 iRent users. Until a security researcher discovered the data online last week, Taiwanese automotive conglomerate Hotai Motor had exposed reams of personal customer data from its car rental and the car-sharing unit, iRent. Hotai Motor is Taiwan's largest financial holding company and is also the Taiwan distributor for Toyota. Hotai acquired iRent in 2022. This popular auto service app allows users to rent cars for free or at a depot. It claims to have more than 1.1 million registered cars and 580,000 iRent users. Anurag Sen, a security researcher, discovered a database containing iRent customers' full names, cell phone numbers, email addresses, home addresses, photos of their driver's licenses, and partially redacted payment card details on a Hotai cloud server that was inadvertently accessible from the internet. [caption id="attachment_85423" align="aligncenter" width="730"]iRent iRent[/caption] Because the database was not password-protected, anyone on the internet could access the iRent customer data simply by knowing its IP address. Sen revealed that the exposed database contained millions of partial credit card numbers and at least 100,000 customer identification documents, as well as selfies, signatures, and rental car details. Sen's conclusions were validated after TechCrunch evaluated a piece of the disclosed material. Shodan, a search engine for exposed devices and databases, found that the database was spilling data as far back as May 2022 and contained 4.2 terabytes of data at the time it was secured. TechCrunch sent Hotai Motor several emails this week detailing the exposed database, but we did not receive a response. The company received notification of the security lapse on January 28, 2015, through Taiwan’s Ministry of Digital Affairs, the government department that regulates and oversees the country’s internet and telecoms. Taiwan’s Minister for Digital Affairs Audrey Tang told TechCrunch in an emailed response that the exposed database had been flagged by Taiwan's national computer emergency response team, known as TWCERT/CC, and that the iRent database became inaccessible within an hour. Hotai Motor acknowledged that it had secured the database shortly after. “We immediately disabled the outside connection to this IP,” Hotai said, adding that it would inform customers whose data was exposed. It’s not the first time that a car rental company has compromised its own customers’ data, but it’s unclear if anyone other than Sen managed to find the database during the nine months it was spilling information. Hertz accidentally released the personal data of 36,000 customers in 2017. The French national data protection authority fined Hertz France in 2017 because the data were readily available online.

By Jozeph P

Journalism explorer, tech Enthusiast. Love to read and write.

Leave a Reply

You must be logged in to post a comment.
Latest News

Walmart's GenAI Search Engine: Challenging Google's Dominance in Retail Search
March 12, 2024

Introducing the MSI Claw Handheld: Your Ultimate Gaming Companion
March 12, 2024

Uber Increases In-App Ads, Prompting Mixed Reactions from Customers
March 12, 2024

Apple's iOS 18: A Leap into the AI Era
March 12, 2024

Google's Regular Pixel 8 Won't Get Gemini Nano AI
March 12, 2024

MacBook Air M3 Makes Amends for M2's Storage Blunder
March 11, 2024

Samsung Unveils the Galaxy M15 5G
March 11, 2024

Elon Musk's xAI to Open-Source Chatbot Grok
March 11, 2024

Contra: Operation Galuga - A Modern Run-and-Gun Classic
March 11, 2024

Musk Confirms X's TV App Arrives This Week
March 11, 2024
RELATED NEWS
The New Porsche Taycan: Battery Range and Faster Charging

Porsche, known for its iconic sports cars, is divi...

news-extra-space
Tesla Loses EV Range Crown to Unknown Chinese Brand in Brutal Winter Test!

In the most recent winter range test at El Prix, a...

news-extra-space
World's first electric car completes 17k-mile journey from North to South Pole

A special electric car just did something amazing ...

news-extra-space
Volvo's EM90: Mobile Living Room with 450 Miles of Electric Range

Volvo unveiled its inaugural electric minivan, the...

news-extra-space
Cruise Robotaxis Needs Remote Human Assistance During Trip

Cruise Robotaxis are alleged to be self-using auto...

news-extra-space
VOOK Launches New E-Trike Electric Bike With Top Speed

image credit - carscoops.com You may be interes...

news-extra-space
2
3
4
5
6
7
8
9
10