Siemens Metaverse exposes sensitive corporate data
Siemens Metaverse data leak exposes corporate information including ComfyApp credentials and vulnerabilities on WordPress subdomains. Cybernews urges caution due to potential severe fallout.
![data breach, Person, Security](https://diplo-media.s3.eu-central-1.amazonaws.com/2023/04/c82332e6-9ca2-479d-b975-8c703775291f.jpg)
Siemens, a global leader in industrial automation and digitalization, inadvertently exposed sensitive information on the domain metaverse.siemens.com. Siemens Metaverse is a platform that provides digital twin applications of Siemens factories and offices. In March 2023, a Cybernews research team discovered an environment file on this domain. The file contained ComfyApp credentials and endpoints. ComfyApp is a Siemens-owned workplace management application comprising sensitive data about the infrastructure of the company. Furthermore, researchers found flaws on several WordPress-based subdomains, that had already been fixed by WordPress itself in 2017.
Siemens considered the issue as non-critical, while Cybernews warns of the devastating consequences of such data leaks.