Honda data exposed on Elasticsearch servers

Researcher Justin Paine, through a Shodan search, discovered an Elasticsearch database, owned by Honda Motor Company, without any security measures.

The information contained in the database was related to the company's internal network and equipment, a kind of inventory of Honda's internal machines. Among the filtered data were the machine hostname, MAC address, internal IP, operating system version and the status of Honda's endpoint security software.

Justin Paine contacted the company's security team to inform them of his discovery and Honda staff, in a statement, responded by informing him of the rapid blocking of access to the database. They commented that they found no evidence of third party access to sensitive information.