A compromised database at Honda essentially enabled anybody to view which systems on the network were exposed to unpatched security defects, possibly providing hackers with inside knowledge of the automotive giant’s vulnerabilities.
The server possessed over 100 million rows of employee systems data from Honda’s terminal security service, containing information of every computer and device linked to the internal network.
Because the database had no password, the data was available to practically anybody. The Information included operating system details, network identifiers and IP addresses, endpoint security status, and which patches had been installed. This could provide a hacker with the info they would need to establish which systems are open to attack.
The database was shutdown shortly after security researcher Justin Paine discovered the vulnerable database at the start of the month.
The exposure extends beyond just one dealership
“I thought this was likely to be just a single Honda dealership,” said Paine. “The odds of that seemed far more likely than a database containing information related to all of Honda’s global network of employee machines.”
The database held information on several Honda locations worldwide, including Mexico, the United Kingdom, and the United States.
“What makes this data particularly dangerous in the hands of an attacker is that it shows you exactly where the soft spots are,” said Paine. “This data contained enough identifiable information to make it extremely simple to locate specific high value employees and in the hands of an attacker this leaked data could be used to silently monitor for ways to launch very targeted attacks on those executives”.
Spokesperson for Honda, Marcos Frommer, says, “The security of our data is critical to us, and we are continually reviewing our processes to ensure that our data is protected. We have investigated this specific issue and have taken steps to address the matter. We will take appropriate actions in accordance with relevant laws and regulations, and will continue to work on proactive security measures to prevent similar incidents in the future”.