Transport

Automotive Giant Exposes Customer Data via Unsecured Elasticsearch Server

17 - 24 December 2019

Honda has exposed the personal information of about 26,000 vehicle owners in the US following a misconfiguration at its Elasticsearch server.
Cyber_News_Transport

Automotive giant Honda has exposed the personal information of about 26,000 vehicle owners in the US following a misconfiguration at its Elasticsearch server. A security researcher discovered that the database was accessible via Internet without the need for authentication. The exposed data included customers' full names, email addresses, phone numbers, mailing address, vehicle make and model, vehicle VINs, agreement ID, and various service information on their Honda vehicles. While the server was secured immediately after being notified, the week-long public exposure would have allowed threat actors to copy the data for malicious purposes. Honda is investigating whether data has been exfiltrated and has warned affected customers about potential phishing attacks.

References:

Honda Exposes Vehicle Owner Records on the Web

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence