In what has been called a “hacker’s dream,” Honda exposed critical company data on an unsecured Elasticsearch database. Even hackers of the lowest skill level could have broken in.
Igor Baikalov, chief scientist at the cybersecurity firm Securonix, said that Honda recently exposed its “most sought-after information” in a dream scenario for any hacker. What was left exposed could have allowed a nefarious actor to own Honda’s entire network.
A Treasure Trove of Corporate Secrets Left Exposed
Honda seems to have fallen asleep at the wheel in handling its most sensitive data.
Critical company data, totaling some 134M rows of systems data, was stored in an unsecured Elasticsearch database. The treasure trove of information included IP addresses, operating systems, security systems, all networks, and employee data. All corporate secrets were left for the taking due to an administrative blunder. According to Securonix, any relatively unskilled hacker could have accessed these files. It's still unknown if anything was accessed, but the exposure points to serious vulnerabilities in Honda's cyber-infrastructure.
Had the information been stolen, hackers would have been able to exploit the weakest points of the company's security. Overall, the situation demands better behavior analytics technology so that companies can be alerted to these vulnerabilities. It is unknown how long the data was left exposed, and, if it was stolen, the hackers could potentially be planning to weaponize the data in the near future.
Administrative Negligence to Blame
Overall, the Honda fiasco exposes the persistent vulnerabilities in database management systems today. For example, how could it be that 40Gb of corporate secrets can so easily be left exposed due to administrative negligence? Arguably, no individual—administrator or otherwise—should have the power that even allows for such a mistake.
Perhaps Honda should consider looking at distributed ledger systems as a decentralized solution to its current poor data management. There is some indication that the company was working on such an idea this year, leveraging blockchain technology to power its cars' 'smart grids.' However, the company has yet to apply this decentralized concept to its own management structure and data storage systems.
Rather than focus on its cars, maybe Honda should instead consider cleaning up its corporate management. If such a gaping data hole was able to go unnoticed, it is possible that there are others just like it yet to be discovered.