Automotive company Honda has exposed approximately 26,000 vehicle owner records belonging to North American customers due to an Elasticsearch cluster misconfigured on October 21, 2019. The publicly accessible server, discovered by a Security Discovery researcher on December 11, was secured within hours by Honda’s security team in Japan. The server is said to have housed information such as customer names, email addresses, phone numbers, mailing addresses, and car service information. The company has said that no financial information was exposed.
Peter Draper, technical director EMEA at Gurucul, comments:
“The plethora of databases (especially MongoDB and Elastic) that have been made publicly available with no security is staggering. You would expect that every company using the technologies that are constantly reported on for breaches would actively seek out and secure their own services. But no, it’s still happening.
Misconfiguration is one of the main reasons resources get compromised. Let’s hope that during the period mentioned the information was not accessed by nefarious individuals other than the security researchers.
Enterprises must be more focused on protecting users’ data and have the right tools, personnel and processes to do so robustly.”