Serviceteam IT Security News

Honda has become the latest big-name brand to expose the personal information of countless customers because of a cloud misconfiguration.

The carmaker’s North America business leaked around 26,000 unique customer records thanks to an unsecured Elasticsearch cluster, according to security researcher Bob Diachenko.

He found 976 million records in total in the exposed database, of which one million contained information about Honda owners and their vehicles, including names, contact details and vehicle information.

Although he was unable to confirm the volume of exposed records, Honda put the figure at just shy of 30,000.

“We are basing this number on a detailed review of the databases on this server, eliminating duplicate information and eliminating the data that does not contain consumer PII,” it said in a statement sent to Diachenko. “We can also say with certainty that there was no financial, credit card or password information exposed on this database.”

On the plus side, the company acted promptly to resolve the security issue, shutting the server on December 13, just a day after it was informed. However, it claimed the misconfiguration happened on October 21 and the database was first indexed by search engine BinaryEdge on December 4, leaving plenty of time for hackers to potentially scan for and find the trove.

Diachenko warned that the exposed data could be used to craft convincing follow-on phishing emails.

“The security issue you identified could have potentially allowed outside parties to access some of our customers’ personal information. We quickly investigated this issue, determined the specific breach in protocol, and took immediate steps to address the vulnerability,” the statement continued.

“Honda is continuing to perform due diligence, and if it is determined that data was compromised, we will take appropriate actions in accordance with relevant laws and regulations.”

The incident comes just months after Honda leaked 40GB of data on its internal security systems, via another unsecured Elasticsearch server.

Source: Infosecurity Magazine
