A security researcher recently stumbled upon an unprotected database exposing a massive amount of highly sensitive data that could be used by hackers to identify weak links in the networks of Japanese automotive giant Honda.
The leaky server contained an ElasticSearch database that had not been securely configured and was therefore accessible to anyone with an Internet connection. It exposed around 134 million documents that contained information on 300,000 Honda employees as well as “an inventory of all Honda internal machines,” that would have been invaluable to any threat actor looking for a way to breach the company’s defenses, the researcher who discovered the database explained. “This included information such as machine hostname, MAC address, internal IP, operating system version, which patches had been applied, and the status of Honda’s endpoint security software.”
Read more: Unsecured Database Exposes Security Risks in Honda’s Network