Cloud Misconfiguration Woes- Honda, Capital One who next
In early July, Honda Motor Company, one of the worldu2019s largest automobile manufacturers with offices across the globe reportedly exposed 134 million rows of sensitive data as a result of an unprotected, internet-accessible ElasticSearch database. It was reported that the database contained information relating to the internal network and computers of Honda. This information included the machine hostname, MAC address, IP, OS version, installed patches, employee name, department, last login, employee number, details of endpoint security systems and the name of the security vendor; and which machines have endpoint security enabled and their status. An attacker could easily discover any weakness within Hondau2019s internal network on the basis of the exposed information. The security researcher who discovered the vulnerability found that the 134 million documents amounted to 40GB of approximately 3.5 monthsu2019 worth of data, and 40,000 data points were being added to the database every day.
★
★
★
★
★
61 views • 5 slides
