Saturday, December 2, 2023

Honda Leaked Over 50,000 Users Personal Information of it’s Honda Connect App

By Balaji

Honda Car India leaked over 50,000 users Personal information of it’s Honda Connect App which is stored in the publicly unsecured Amazon AWS S3 Buckets.

Experts recently discovered two public unsecured Inside of the AWS Bucket contains an unprotected database which maintained by Honda Connect App.

Honda-Connect is a smartphone app that boasts that it gives the user a sense of security and safety also it gives a variety of futures for its users.

Important future of Honda Connect App including  Periodic service alerts, Service Booking/Editing, Feedback System, Nearby Dealer and Fuel pump locator, My Documents (to store important documents for your car), Fuel Log, SoS (a one-click solution to let family and friends know your exact location in an emergency).

Leaked Data From Honda Connect App

Unsecured Amazon AWS S3 Buckets leaked very sensitive personal information such as ed names, phone numbers for both users and their trusted contacts, passwords, gender, email addresses for both users and their trusted contacts, plus information about their cars including VIN, Connect IDs, and more.

This leak has been reported by Security researchers from kromtech, they are not the first one who find this leak but before that security researcher @Random_Robbie (twitter), who left them the following note called poc.txt, which was dated February 28, 2018

Aslo he warned the S3 Bucket users that “If you find POC.txt in your S3 bucket you need to secure it asap!”

Leaked information could be useful for cybercriminals that they will use it for various malicious activities such as access to everything on that phone, but specifically regarding this app when paired with a Connected Device: where someone’s car is currently located, where they went, where they typically drive, how they drive, and where they start and stop.

Also, Phone numbers and Email addresses will be used for launch a very targeted spear phishing attack.

Managed WAF Protection

Website

Latest articles

Chrome

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...
CVE/vulnerability

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...
Cyber Security News

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...
Cyber Security News

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...
CVE/vulnerability

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...
cyber security

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...
cryptocurrency

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Register Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

[email protected]