An unsecured ElasticSearch database belongs to largets automobile manufacturer exposed online. The exposed documents include internal network and computers data of Honda Motor Company.
Security researcher Justin Paine uncovered the leaked database, the ElasticSearch database contains 134M that worth around 40GB of data. It appears the database publically available for more than a week.
The unprotected database contains sensitive information such as “hostname, MAC address, internal IP, operating system version, which patches had been applied, hostnames and the status of Honda’s endpoint security software.”
Exposed data
The databases contain dealership information and the data related to Honda’s global network of employee machines. It exposes the names of endpoint security vendor networks that protect Honda’s machines and the high-level employee’s data such as CEO, CFO, CSO, etc.
By having the unique data attackers can launch targeted attacks and can exploit the vulnerability to get access over the network and to penetrate further.
A table in name “ad_com_all” exposes the OS versions, hostnames and has over 300,000 data points, another table spotted has employee name, department, last login, employee number and account names.
Paine also identified several tables that include the employee email, department, machine IP address, MAC address, hostname, operating system, machine type, endpoint security state, printer name, internal I Pand which Windows KB/patches.
Also, the leaks include the “CEO’s full email, full name, department, MAC address, which Windows KB/patches had been applied, OS, OS version, endpoint security status, IP, and device type.”
Paine reached out to Honda’s security team on July 6th and the ElasticSearch database was secured, here is the statement from Honda.
“Thank you very much for pointing out the vulnerability. The security issue you identified could have potentially allowed outside parties to access some of Honda’s cloud-based data that consisted of information related to our employees and their computers. We investigated the system’s access logs and found no signs of data download by any third parties. At this moment, there is no evidence that data was leaked, excluding the screenshots taken by you. We will take appropriate actions by relevant laws and regulations, and will continue to work on proactive security measures to prevent similar incidents in the future.”
