Monday, March 3, 2025
HomeData BreachHonda Leaked Over 50,000 Users Personal Information of it's Honda Connect App

Honda Leaked Over 50,000 Users Personal Information of it’s Honda Connect App

Published on

SIEM as a Service

Follow Us on Google News

Honda Car India leaked over 50,000 users Personal information of it’s Honda Connect App which is stored in the publicly unsecured Amazon AWS S3 Buckets.

Experts recently discovered two public unsecured Inside of the AWS Bucket contains an unprotected database which maintained by Honda Connect App.

Honda-Connect is a smartphone app that boasts that it gives the user a sense of security and safety also it gives a variety of futures for its users.

Important future of Honda Connect App including  Periodic service alerts, Service Booking/Editing, Feedback System, Nearby Dealer and Fuel pump locator, My Documents (to store important documents for your car), Fuel Log, SoS (a one-click solution to let family and friends know your exact location in an emergency).

Leaked Data From Honda Connect App

Unsecured Amazon AWS S3 Buckets leaked very sensitive personal information such as ed names, phone numbers for both users and their trusted contacts, passwords, gender, email addresses for both users and their trusted contacts, plus information about their cars including VIN, Connect IDs, and more.

This leak has been reported by Security researchers from kromtech, they are not the first one who find this leak but before that security researcher @Random_Robbie (twitter), who left them the following note called poc.txt, which was dated February 28, 2018

Aslo he warned the S3 Bucket users that “If you find POC.txt in your S3 bucket you need to secure it asap!”

Leaked information could be useful for cybercriminals that they will use it for various malicious activities such as access to everything on that phone, but specifically regarding this app when paired with a Connected Device: where someone’s car is currently located, where they went, where they typically drive, how they drive, and where they start and stop.

Also, Phone numbers and Email addresses will be used for launch a very targeted spear phishing attack.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Exploiting AES Encryption for Stealthy Payload Protection

Cybersecurity researchers have uncovered a surge in the use of Advanced Encryption Standard (AES)...

33.3 Million Cyber Attacks Targeted Mobile Devices in 2024 as Threats Surge

Kaspersky's latest report on mobile malware evolution in 2024 reveals a significant increase in...

Routers Under Attack as Scanning Attacks on IoT and Networks Surge to Record Highs

In a concerning trend, the frequency of scanning attacks targeting Internet of Things (IoT)...

Google Launches Shielded Email to Keep Your Address Hidden from Apps

Google is rolling out a new privacy-focused feature called Shielded Email, designed to prevent apps...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Chinese Hackers Breach Belgium State Security Service as Investigation Continues

Belgium’s State Security Service (VSSE) has suffered what is being described as its most...

260 Domains Hosting 5,000 Malicious PDFs to Steal Credit Card Data

Netskope Threat Labs uncovered a sprawling phishing operation involving 260 domains hosting approximately 5,000...

Authorities Arrested Hacker Behind 90 Major Data Breaches Worldwide

Cybersecurity firm Group-IB, alongside the Royal Thai Police and Singapore Police Force, announced the...