Honda, the car, motorbike and power tool giant which has used the ad slogan “The Power of Dreams”, has been hit by a potential data breach nightmare after accidentally exposing a swathe of corporate secrets and employee information.
The issue, which has been exposed by a security researcher dubbed “xxdesmus“, who claims that 40GB of critical company information – amounting to 134 million rows of system data – has been left unprotected on an Elasticsearch database that was freely accessible to anyone who came across it.
The cache not only included information about the company’s security systems and networks, but also technical data on all of its IP addresses, operating systems and what patches they had.
In effect, it gave potential hackers the details needed to engage in a massive cyber attack against the company, including personal attacks against its employees.
Igor Baikalov, chief scientist at the cyber security firm Securonix said: “Honda has created a hacker’s dream, a treasure trove of the most sought-after information. Whoever has it, can own Honda’s network.”
That said, it is not known whether the information exposed in the breach has been accessed any individuals or groups, but hackers could have already stolen the information for use at a later date.
In a statement to “xxdesmus”, Honda said: “The security issue identified could have potentially allowed outside parties to access some of Honda’s cloud-based data that consisted of information related to our employees and their computers. We investigated the system’s access logs and found no signs of data download by any third parties.
“At this moment, there is no evidence that data was leaked, excluding the screenshots taken by you. We will take appropriate actions in accordance with relevant laws and regulations, and will continue to work on proactive security measures to prevent similar incidents in the future.”
UK firms battered by one hack attack every 50 seconds
Over 40% of firms suffered cyber breach in past year
Top tourist attractions hit by 110m data theft attacks
Data security chiefs pay soars to €1m as GDPR looms