Data leak at Honda could have compromised the entire company's security

  • A database leak at global car manufacturer Honda was discovered that could potentially have compromised the entire company's security in the wrong hands.

    The consequences of leaving corporate databases unsecured in today's digital world are well known, but it's not often that a data leak threatens an entire global firm's security. That's the potential threat faced recently by Honda after it was discovered that a massive database containing everything from employee details to company computer security information had itself been left unsecured.

    The leak was found on July 4th by Cloudflare's Director of Trust & Safety and security expert Justin Paine when he discovered an open ElasticSearch cloud database without any authentication. On closer inspection, he found that it contained data on car manufacturer Honda that was clearly not intended to be visible online.

    The database contained an inventory of computer equipment across Honda, including IP addresses, internal MAC addresses, details of which operating systems and security patches each computer had, and the name of the security endpoint the company uses. Had this data been obtained by a hacker, it would have given them a blueprint of all the weak spots in Honda's corporate network security in several offices around the world.

    Personal details of employees were also found in the database and records included the firm's presence in the UK, making this a potential data breach under GDPR. Paine managed to make contact with Honda to report the incident on July 6th, and the company secured the database the same day.

    A Honda representative confirmed to Paine that it investigated the cloud system's access logs and found no signs that any third parties had downloaded their data, and that it was taking the appropriate steps for the incident in accordance with relevant laws and regulations. Nevertheless, this massive security near-miss could have spelled disaster for the company's security globally and ultimately its bottom line.


    About the author

    Brendan is a Sync NI writer with a special interest in the gaming sector, programming, emerging technology, and physics. To connect with Brendan, feel free to send him an email or follow him on Twitter.

    Got a news-related tip you’d like to see covered on Sync NI? Email the editorial team for our consideration.

Share this story