On December 6, Catalin Cimpanu of ZDNet reported that both BMW and Hyundai had reportedly been hacked. His describe was based on reporting by Von Hakan Tanriverdi and Josef Streule that had been published on both BR.de and taggeschau.de. Their account was illumine on details, though, and neither BMW nor Hyundai would comment. to them or to ZDNet. Indeed, when it came to Hyundai, all the German publications’ reporters noted was that the snipe involved some fake website. For reasons that are not crystallize to me but may experience been lost in translation, the reporters attributed the attacks to the threat actors known as Ocean Lotus or APT32, a group suspected of attacking entities on behalf of the vietnamese government. The group has previously been linked to other attacks on automotive companies. Whether the reported cut on Hyundai was the act of APT32 or not, on december 7, DataBreaches.net was contacted by an individual who claimed to have hacked Hyundai. It made for an initially confusing interview, because this blogger incorrectly assumed he was referring to the incident reported by ZDNet. But ace of the first things this hacker claimed was that he was NOT APT 32 and he was not a group — he was an individual — a greyhat hacker working as an individual. Well, if he was a commonwealth actor, we would expect him to lie, right? But over the next few hours, it became clearer that what he was describing probably was either a endorse and unrelated plug of Hyundai or the initial reporting may have been wrong. Then again, maybe this site was just beingness gamed. “DarkSly,” as he prefers to live called, first tweeted about hacking Hyundai in mid-November: more details for leaked data from @hyundaisaudi about 460K customer details from saudi arabia and iraq@Hyundai @Hyundai_Global @Hyundai_KSA https://t.co/IVSUEQFcOo pic.twitter.com/uwf5vE5wZZ DarkSly (@notify91557898) November 14, 2019 According to statements made to this site, DarkSly wanted a bug bounty of 1 BTC to inform Hyundai Saudi Arabia of its vulnerability, fix it for them, and wipe out all the data he had downloaded, but after an initial reaction by ace of the twitter accounts, they blocked him and then just didn’t respond to him any further. lol their reaction @Hyundai @Hyundai_Global @hyundaisaudi https://t.co/VoFRezNKfO pic.twitter.com/arZL3ouDMm DarkSly (@notify91557898) november 13, 2019 so what kind of data does Darksly possess? He claims to get approximately 550,000 user records with many records including full name, email address, city, bank, monthly salary, cellphone number and some other details. The data also reportedly include details of approximately 14,000 iraqi customers. Neither passwords nor credit card numbers were reportedly stored in the databases. DarkSly also claims that the last time he tried to access their server — a few days ago — he still had access. But even if he loses access, he’s not particularly concerned about regaining access: “I actually have their seed cypher and can find other ways since development looks so weak.” DataBreaches.net contacted Hyundai’s corporate headquarters to inquire for elucidation or verification as to whether they have experienced 1 hack or two, and whether they had any comments. no response has been received. DataBreaches.net also sent emails to the first 9 customers listed in 1 of the unredacted screenshots DarkSly provided to require them whether they had purchased the mold listed next to their name. One of the emails bounced backrest that there was no such user. The other 8 emails did not bounce back, but none of the recipients replied. so what will he doh next? DarkSly informed DataBreaches.net that he may post a video of the attack, which he recorded, and/or he may sell their data. And now, a Developing Story: Yesterday, DarkSly posted some other data involving Jaguar and LandRover: @Jaguar @LandRover any idea?? saudi arabia, Kuwait, uae, oman, egypt, mexico, Morocco, Lebanon, Iraq, qatar and Tunisia branches involved, all databases backed up. pic.twitter.com/M6avp4Aozj DarkSly (@notify91557898) December 8, 2019 The tweet with screenshots apparently showing access to their server was subsequently removed. According to DarkSly, he hacked jaguar and LandRover yesterday in about three hours. At the time of his initial announcement, he had not contacted either maker or any dealers. When asked whether he was targeting Saudi Arabia, he responded that he just woke up and decided to target a big company. He was allay working on the mynaghi group (Hyundai) attack, and landed up at Jaguar and LandRover, he claims. “having fun with big shots,” he wrote to DataBreaches.net. DataBreaches.net emailed jaguar and LandRover yesterday to expect them if they were aware that they had been hacked and to point out that the screenshots show that DarkSly had obtained the database credentials and theme certificate. no reception has been received from them. As of the time of this publication, DarkSly claims he relieve has access.