Wednesday, September 18, 2024
HomeData BreachHonda Leaked Over 50,000 Users Personal Information of it's Honda Connect App

Honda Leaked Over 50,000 Users Personal Information of it’s Honda Connect App

Published on

Honda Car India leaked over 50,000 users Personal information of it’s Honda Connect App which is stored in the publicly unsecured Amazon AWS S3 Buckets.

Experts recently discovered two public unsecured Inside of the AWS Bucket contains an unprotected database which maintained by Honda Connect App.

Honda-Connect is a smartphone app that boasts that it gives the user a sense of security and safety also it gives a variety of futures for its users.

- Advertisement - EHA

Important future of Honda Connect App including  Periodic service alerts, Service Booking/Editing, Feedback System, Nearby Dealer and Fuel pump locator, My Documents (to store important documents for your car), Fuel Log, SoS (a one-click solution to let family and friends know your exact location in an emergency).

Leaked Data From Honda Connect App

Unsecured Amazon AWS S3 Buckets leaked very sensitive personal information such as ed names, phone numbers for both users and their trusted contacts, passwords, gender, email addresses for both users and their trusted contacts, plus information about their cars including VIN, Connect IDs, and more.

This leak has been reported by Security researchers from kromtech, they are not the first one who find this leak but before that security researcher @Random_Robbie (twitter), who left them the following note called poc.txt, which was dated February 28, 2018

Aslo he warned the S3 Bucket users that “If you find POC.txt in your S3 bucket you need to secure it asap!”

Leaked information could be useful for cybercriminals that they will use it for various malicious activities such as access to everything on that phone, but specifically regarding this app when paired with a Connected Device: where someone’s car is currently located, where they went, where they typically drive, how they drive, and where they start and stop.

Also, Phone numbers and Email addresses will be used for launch a very targeted spear phishing attack.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

UNC2970 Hackers Attacking Job Seekers Using Weaponized PDF Reader

UNC2970, a North Korean cyber espionage group, used customized SumatraPDF trojans to deliver MISTPEN...

Microsoft Windows Kernel Vulnerability Exploited in the Wild

Microsoft has confirmed the exploitation of a Windows Kernel vulnerability, identified as CVE-2024-37985, in...

Discord Announces End-to-End Encryption for Audio & Video Chats

Discord has introduced end-to-end encryption (E2EE) for audio and video chats.Known as the...

Threat Actor Allegedly Selling Bharat Petroleum Database

A threat actor has allegedly put up for sale a database belonging to Bharat...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Threat Actor Allegedly Selling Bharat Petroleum Database

A threat actor has allegedly put up for sale a database belonging to Bharat...

Fortinet Confirms Data Breach Following Hacker’s Claim of 440GB Data Theft

Fortinet, a leading cybersecurity firm, has confirmed a data breach involving a third-party cloud...

New Android Spyware As TV Streaming App Steals Sensitive Data From Devices

Recent research has revealed a new Android malware targeting mnemonic keys, a crucial component...