An unsecured database containing 40 gigabytes of data belonging to the Honda Motor Company was discovered recently.
The data contained employee information, including names, email addresses, and employee IDs, as well as sensitive network information detailing the security status of connected computers. Among those exposed in the leak was Honda CEO Takahiro Hachigo.
“What makes this data particularly dangerous in the hands of an attacker is that it shows you exactly where the soft spots are,” wrote security researcher Justin Paine, who first discovered the data. “In the hands of an attacker this leaked data could be used to silently monitor those executives to identify ways to launch very targeted attacks.”
Paine discovered the leaked data on Shodan, an IoT-centric search engine that has identified similar unsecured servers in the past. The data was indexed July 1, discovered by Paine July 4, and secured by Honda two days later.
“We investigated the system’s access logs and found no signs of data download by any third parties. At this moment, there is no evidence that data was leaked,” Honda wrote in a response to Paine’s notification.
Read Paine’s article describing his findings here.