Global automobile manufacturer Honda Motor Company recently suffered a data breach after a leaky database exposed its employees’ sensitive information online.
According to security researcher Justin Paine, who discovered and reported the incident, an unprotected Elasticsearch database exposed around 134 million rows of sensitive data from Honda’s network systems.
Database Zone defines Elasticsearch as a database that stores, retrieves, and manages document-oriented and semi-structured data.
The exposed information included technical details of employees’ machines, such as machine hostname, MAC address, internal IP, operating system version, installed patches, and the status of Honda’s endpoint security software.
Apart from these technical details, the database also exposed employee data such as email address, employee name, department, last login, employee number, and account name. The database even revealed information related to the CEO’s laptop, full name, email address, email nickname, employee ID, account name, last login date, department, MAC address, installed patches, OS version, endpoint security status, IP address, and device type.
The researcher revealed that the database was apparently left online without password protection on July 1, 2019, and it was discovered on July 4. However, authorities at Honda clarified that the database was secured after the company was alerted by the researcher.
Earlier, a similar kind of Elasticsearch server exposed more than 24 million financial and banking documents online. According to security researcher Bob Diachenko, the exposed server contained highly sensitive data of thousands of individuals who took mortgages over the past decade with U.S. banks and other financial institutions.
Bob Diachenko stated that he identified the unprotected server on January 10, 2019, which contained 24,349,524 credit and mortgage reports occupying 51 GB of storage. The server was taken offline and the data was secured on January 15, 2019, after Diachenko reported the incident to the server’s vendor.
The insecure server allowed open access to the documents that contained loan and mortgage agreements, repayment schedules, financial and tax documents, names, addresses, birth dates, social security numbers, and other sensitive information.