An Elasticsearch database with more than 134 million records belonging to car maker Honda Motor Co. was discovered unsecured online by a security researcher earlier this month in yet another case of a company failing to secure its cloud-hosted data properly.

Discovered by researcher Justin Paine and detailed on Rainbowtabl.es today, the database was found through a search on the Shodan security search engine on July 4. The Elasticsearch database contained approximately 134 million documents totaling 40 gigabytes of data going back to March 13 this year. The documents primarily consisted of internal systems data.

“The data contained within this database was related to the internal network and computers of Honda Motor Company,” Paine said. “The information available in the database appeared to be something like an inventory of all Honda internal machines. This included information such as machine hostname, MAC address, internal IP, operating system version, which patches had been applied and the status of Honda’s endpoint security software.”

While the database did include employee information such as names, emails and the employee’s last login it was security data in the database that was the biggest cause for concern according to Paine. In one file, 3,000 data points were stored in a table labeled “uncontrolledmachine,” which is presumed to be a reference to computers on Honda’s network that are not using endpoint security software.

“If an attacker is looking for a way into Honda’s network knowing which machines are far less likely to identify/block their attacks would be critical information,” Paine explained. “These ‘uncontrolled machines’ could very easily be the open door into the entire network.”

Some of the employee data was more notable than others, however. One dataset included details of Honda Chief Executive Officer Takahiro Hachigo’s full email, account name and employee ID, last login date, as well as device data such as MAC address, patching history, OS version, endpoint security status, IP address and device type. According to Paine, that data in the wrong hands could have easily allowed hackers to target Hachigo.

The only good news in the story is upon being informed of the exposed database, Honda acted the same day to secure it. Officially, Honda said it had checked the system’s access logs and found no signs of data download by any third parties, meaning that it wasn’t stolen by bad actors. But the case once again highlights the often poor state of poor cloud security.

Photo: Shuets Udono/Wikimedia Commons