Honda Data Leak – 134 Million Documents Related to Internal Network and Computers Leaked

An unsecured ElasticSearch database belongs to largets automobile manufacturer exposed online. The exposed documents include internal network and computers data of Honda Motor Company.

Security researcher Justin Paine uncovered the leaked database, the ElasticSearch database contains 134M that worth around 40GB of data. It appears the database publically available for more than a week.

The unprotected database contains sensitive information such as “hostname, MAC address, internal IP, operating system version, which patches had been applied, hostnames and the status of Honda’s endpoint security software.”

Exposed data

The databases contain dealership information and the data related to Honda’s global network of employee machines. It exposes the names of endpoint security vendor networks that protect Honda’s machines and the high-level employee’s data such as CEO, CFO, CSO, etc.

By having the unique data attackers can launch targeted attacks and can exploit the vulnerability to get access over the network and to penetrate further.

A table in name “ad_com_all” exposes the OS versions, hostnames and has over 300,000 data points, another table spotted has employee name, department, last login, employee number and account names.

Paine also identified several tables that include the employee email, department, machine IP address, MAC address, hostname, operating system, machine type, endpoint security state, printer name, internal I Pand which Windows KB/patches.

Also, the leaks include the “CEO’s full email, full name, department, MAC address, which Windows KB/patches had been applied, OS, OS version, endpoint security status, IP, and device type.”

Paine reached out to Honda’s security team on July 6th and the ElasticSearch database was secured, here is the statement from Honda.

“Thank you very much for pointing out the vulnerability. The security issue you identified could have potentially allowed outside parties to access some of Honda’s cloud-based data that consisted of information related to our employees and their computers. We investigated the system’s access logs and found no signs of data download by any third parties. At this moment, there is no evidence that data was leaked, excluding the screenshots taken by you. We will take appropriate actions by relevant laws and regulations, and will continue to work on proactive security measures to prevent similar incidents in the future.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…

5 hours ago

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…

6 hours ago

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…

6 hours ago

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…

6 hours ago

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year, which…

6 hours ago

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…

6 hours ago