Automotive Giant Exposes Customer Data via Unsecured Elasticsearch Server
Automotive giant Honda has exposed the personal information of about 26,000 vehicle owners in the US following a misconfiguration at its Elasticsearch server. A security researcher discovered that the database was accessible via Internet without the need for authentication. The exposed data included customers' full names, email addresses, phone numbers, mailing address, vehicle make and model, vehicle VINs, agreement ID, and various service information on their Honda vehicles. While the server was secured immediately after being notified, the week-long public exposure would have allowed threat actors to copy the data for malicious purposes. Honda is investigating whether data has been exfiltrated and has warned affected customers about potential phishing attacks.
References:Honda Exposes Vehicle Owner Records on the Web
More Weekly Cyber Newsanalysis and insights
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Ensign Systems Integration
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services