Written by James Orme Thu 1 Aug 2019

Stockpile of Honda internal system data found on unsecured Elasticsearch database

A security researcher has found an unsecured Elasticsearch database belonging to Honda Motor Company containing 134 million rows of internal network and employee computer data.

Justin Paine, the researcher who discovered the database on 4 July on Shodan, said the 40GB database “appeared to be something like an inventory” of Honda’s global systems, and included data such as machine hostnames, MAC addresses, internal IPs, operating system versions, OS patch status and the status of the company’s endpoint security software.

Paine said Honda reacted promptly to secure the database after he notified the company of his discovery.

In a statement to Paine, Honda thanked the researcher for alerting the company to the exposed database and claimed that no data was compromised.

“We investigated the system’s access logs and found no signs of data download by any third parties. At this moment, there is no evidence that data was leaked,” the company said.

“We will take appropriate actions in accordance with relevant laws and regulations, and will continue to work on proactive security measures to prevent similar incidents in the future.”

While the database contained information relating to Honda’s global systems, Paine said the bulk of the data related to the company’s Japanese workforce.

According to Paine, a cyber attacker could have used the data to identify weak points in Honda’s cyber systems and locate computers belonging to the C-Suite, information that could be used to launch a targeted attack on the company’s most valuable assets.

“If an attacker is looking for a way into Honda’s network, knowing which machines are far less likely to identify/block their attacks would be critical information,” Paine said. “These ‘uncontrolled machines’ could very easily be the open door into the entire network.”

When migrating data to cloud instances, it is basic cloud security practice to ensure access requires authentication.

Yet time and again, major international companies are failing to secure data in the cloud, exposing their customers and ultimately risking the future of their businesses. Just this week, the personal data of 106 million Capital One customers was exposed after being stored on unsecured AWS S3 instances.