Friday, August 2, 2019

Capital One needed a Skilled engineer for 100M hack, Honda only needed a dumb admin to expose 134M rows of sensitive data


 The data was on an unsecured Elasticsearch database that was freely accessible to anyone who came across it, and contained in-depth information about the company’s security systems and network.

This includes technical details of each individual computer, including IP addresses, operating systems, unique network identifiers and security solutions and patches.


As a result, the data would provide any malicious actors with an exhaustive map of the company’s systems, including all the soft spots that would provide easy access to the network. Any skilled – or even relatively unskilled – hacker could use this information to perform a successful and potentially devastating cyberattack on Honda, such as highly targeted attacks on high value employees

https://www.verdict.co.uk/honda-database-exposure/

No comments:

Post a Comment