Peugeot Customer Data in Peru Exposed Due to Misconfigured Environment File

Peugeot, the French automobile manufacturer, has suffered a significant data leak affecting its customers in Peru.

The incident exposed sensitive information through an insecurely configured environment (.env) file on the Peugeot store website for the South American country. In this case, it was the diligent work of the Cybernews research team that led to the discovery of the exposed file, which contained several critical pieces of information, including:

• Full MySQL database Uniform Resource Identifier (URI): This unique sequence of characters identifies the database resource. With this information, anyone can access the company's entire customer database.
• Database username and password: The credentials required to access the MySQL database were exposed, allowing threat actors to access, exfiltrate or modify sensitive customer information.
• JSON Web Token's (JWT) passphrase and locations of private and public keys: JWT is a popular authentication method for web applications. With the passphrase and keys exposed, attackers could forge tokens and impersonate users or access restricted parts of the website.
• A link to the git repository for the site: This link would allow an attacker to access the website's source code, potentially exposing further vulnerabilities or sensitive information.
• Symfony application secret: The application secret, a critical component in the Symfony PHP framework, is used to encrypt and sign data. Exposure of this secret could give attackers the ability to decrypt sensitive data or forge valid signatures, further compromising the application's security.

This data breach presents a considerable threat to Peugeot's clientele in Peru, as it unveils their private data, such as names, addresses, and contact information, making it accessible to cybercriminals. Affected individuals may face risks like identity theft, phishing schemes or even monetary scams.

Using specialized software such as Bitdefender Digital Identity Protection can help you keep your identity safe against data breaches and other incidents that could expose sensitive information. Its array of features includes:

• Comprehensive dashboard where you can see your digital footprint, including traces from no-longer-used services
• 24/7 monitor that scans the public and Dark Web for data breaches and notifies you instantly upon identifying incidents that could put your data and identity at risk
• Simple, one-click actions to address data leaks and weak points in your digital footprint