Honda India left customer data on unsecured public servers

Thanks to BHPian kap04 for sharing this information with other enthusiasts!

An international software development company called Kromtech Security has published a report suggesting that Honda Car India stored customer data on unsecured public servers, leaving personal details of 50,000 users vulnerable to data theft.

According to the report, the personal information of users of the Honda Connect App was stored on two unsecured public Amazon AWS S3 Buckets. The data contained names, phone numbers, passwords, gender, emails, vehicle identification numbers (VIN) and Connect IDs to name a few.

3 months before Kromtech found the exposed S3 buckets, Robbie Wiggins - a security researcher had already left a message urging Honda Car India to secure the S3 buckets. 

Kromtech then notified Honda Car India about the breach. The company has since secured the vulnerable S3 buckets.

Source: Kromtech Security