Unsecured Database Exposes Security Risks in Honda's Network (Jul 31, 2019)
A database containing 40 GB of information associated with approximately 300,000 Honda employees was left publicly accessible. The information included 134 million documents consisting of: hostname, IP address, MAC address, operating system, which patches had been applied, and the status of Honda’s endpoint security software; along with Honda employee information including email addresses, endpoint security vendor information, hostnames, last login, name, operating systems, and patch status. The database even included information on Honda’s CEO such as account name, email, IP, MAC address, patch status, and security status. Hosted on ElasticSearch, the misconfigured database was left open for six days between June 25 and July 1, before Honda secured the database and thanked the researcher who identified the misconfiguration.
Recommendation: It is crucial for companies to apply the correct configurations to their database. A misconfigured database can cause leaks of sensitive information which can be used for malicious purposes.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.