An exposed database at Honda allowed anyone to see which systems on its network were vulnerable to unpatched security flaws, potentially giving hackers insider knowledge of the company’s weak points.
The server contained 134 million rows of employee systems data from the company’s endpoint security service, containing technical details of each computer and device connected to the internal network. Affected by the White Hat probe were locations in Japan, USA, Mexico, and the UK.
Based on the Shodan scan of the IP in question, it appears that the database was likely publicly accessible as of July 1, 2019. Shodan is the world’s first search engine for Internet-connected devices.
In a statement Honda said: “The security issue you identified could have potentially allowed outside parties to access some of Honda’s cloud-based data that consisted of information related to our employees and their computers. We investigated the system’s access logs and found no signs of data download by any third parties.
“At this moment, there is no evidence that data was leaked, excluding the screenshots taken by you (Upstream). We will take appropriate actions in accordance with relevant laws and regulations and will continue to work on proactive security measures to prevent similar incidents in the future.”
Upstream said “Shodan yet again.” It uncovered an ElasticSearch database without any authentication. “The data contained within this database was related to the internal network and computers of Honda Motor Company. The information available in the database appeared to be something like an inventory of all Honda internal machines. This included information such as machine host name, MAC address, internal IP, operating system version, which patches had been applied, and the status of Honda’s endpoint security software.
About Ken Zino
Ken Zino, editor and publisher of AutoInformed, is a versatile auto industry participant with global experience spanning decades in print and broadcast journalism, as well as social media. He has automobile testing, marketing, public relations and communications experience. He is past president of The International Motor Press Assn, the Detroit Press Club, founding member and first President of the Automotive Press Assn. He is a member of APA, IMPA and the Midwest Automotive Press Assn.
He also brings an historical perspective while citing their contemporary relevance of the work of legendary auto writers such as Ken Purdy, Jim Dunne or Jerry Flint, or writers such as Red Smith, Mark Twain, Thomas Jefferson – all to bring perspective to a chaotic automotive universe.
Above all, decades after he first drove a car, Zino still revels in the sound of the exhaust as the throttle is blipped during a downshift and the driver’s rush that occurs when the entry, apex and exit points of a turn are smoothly and swiftly crossed. It’s the beginning of a perfect lap.
AutoInformed has an editorial philosophy that loves transportation machines of all kinds while promoting critical thinking about the future use of cars and trucks.
Zino builds AutoInformed from his background in automotive journalism starting at Hearst Publishing in New York City on Motor and MotorTech Magazines and car testing where he reviewed hundreds of vehicles in his decade-long stint as the Detroit Bureau Chief of Road & Track magazine. Zino has also worked in Europe, and Asia – now the largest automotive market in the world with China at its center.
Honda Database Leaks 134M Rows of Employee Data
An exposed database at Honda allowed anyone to see which systems on its network were vulnerable to unpatched security flaws, potentially giving hackers insider knowledge of the company’s weak points.
The server contained 134 million rows of employee systems data from the company’s endpoint security service, containing technical details of each computer and device connected to the internal network. Affected by the White Hat probe were locations in Japan, USA, Mexico, and the UK.
Based on the Shodan scan of the IP in question, it appears that the database was likely publicly accessible as of July 1, 2019. Shodan is the world’s first search engine for Internet-connected devices.
In a statement Honda said: “The security issue you identified could have potentially allowed outside parties to access some of Honda’s cloud-based data that consisted of information related to our employees and their computers. We investigated the system’s access logs and found no signs of data download by any third parties.
“At this moment, there is no evidence that data was leaked, excluding the screenshots taken by you (Upstream). We will take appropriate actions in accordance with relevant laws and regulations and will continue to work on proactive security measures to prevent similar incidents in the future.”
Upstream said “Shodan yet again.” It uncovered an ElasticSearch database without any authentication. “The data contained within this database was related to the internal network and computers of Honda Motor Company. The information available in the database appeared to be something like an inventory of all Honda internal machines. This included information such as machine host name, MAC address, internal IP, operating system version, which patches had been applied, and the status of Honda’s endpoint security software.
About Ken Zino
Ken Zino, editor and publisher of AutoInformed, is a versatile auto industry participant with global experience spanning decades in print and broadcast journalism, as well as social media. He has automobile testing, marketing, public relations and communications experience. He is past president of The International Motor Press Assn, the Detroit Press Club, founding member and first President of the Automotive Press Assn. He is a member of APA, IMPA and the Midwest Automotive Press Assn. He also brings an historical perspective while citing their contemporary relevance of the work of legendary auto writers such as Ken Purdy, Jim Dunne or Jerry Flint, or writers such as Red Smith, Mark Twain, Thomas Jefferson – all to bring perspective to a chaotic automotive universe. Above all, decades after he first drove a car, Zino still revels in the sound of the exhaust as the throttle is blipped during a downshift and the driver’s rush that occurs when the entry, apex and exit points of a turn are smoothly and swiftly crossed. It’s the beginning of a perfect lap. AutoInformed has an editorial philosophy that loves transportation machines of all kinds while promoting critical thinking about the future use of cars and trucks. Zino builds AutoInformed from his background in automotive journalism starting at Hearst Publishing in New York City on Motor and MotorTech Magazines and car testing where he reviewed hundreds of vehicles in his decade-long stint as the Detroit Bureau Chief of Road & Track magazine. Zino has also worked in Europe, and Asia – now the largest automotive market in the world with China at its center.