Friday, November 1, 2024
HomeData BreachHonda Leaked Over 50,000 Users Personal Information of it's Honda Connect App

Honda Leaked Over 50,000 Users Personal Information of it’s Honda Connect App

Published on

Malware protection

Honda Car India leaked over 50,000 users Personal information of it’s Honda Connect App which is stored in the publicly unsecured Amazon AWS S3 Buckets.

Experts recently discovered two public unsecured Inside of the AWS Bucket contains an unprotected database which maintained by Honda Connect App.

Honda-Connect is a smartphone app that boasts that it gives the user a sense of security and safety also it gives a variety of futures for its users.

- Advertisement - SIEM as a Service

Important future of Honda Connect App including  Periodic service alerts, Service Booking/Editing, Feedback System, Nearby Dealer and Fuel pump locator, My Documents (to store important documents for your car), Fuel Log, SoS (a one-click solution to let family and friends know your exact location in an emergency).

Leaked Data From Honda Connect App

Unsecured Amazon AWS S3 Buckets leaked very sensitive personal information such as ed names, phone numbers for both users and their trusted contacts, passwords, gender, email addresses for both users and their trusted contacts, plus information about their cars including VIN, Connect IDs, and more.

This leak has been reported by Security researchers from kromtech, they are not the first one who find this leak but before that security researcher @Random_Robbie (twitter), who left them the following note called poc.txt, which was dated February 28, 2018

Aslo he warned the S3 Bucket users that “If you find POC.txt in your S3 bucket you need to secure it asap!”

Leaked information could be useful for cybercriminals that they will use it for various malicious activities such as access to everything on that phone, but specifically regarding this app when paired with a Connected Device: where someone’s car is currently located, where they went, where they typically drive, how they drive, and where they start and stop.

Also, Phone numbers and Email addresses will be used for launch a very targeted spear phishing attack.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Grayscale Investments Data Breach Exposes 693K User Records Reportedly Affected

Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting...

Northern Ireland Police to Pay £750,000 Fine Following Data Breach

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000...

Google Warns Of North Korean IT Workers Have Infiltrated The U.S. Workforce

North Korean IT workers, disguised as non-North Koreans, infiltrate various industries to generate revenue...