Honda and Universal Music Group (UMG) have both been left red-faced this week after researchers revealed sensitive log-in details and customer data were exposed to the public internet via poor configuration of IT infrastructure.
The carmaker’s Indian business left two Amazon AWS S3 Buckets containing personal information on 50,000 Honda Connect App users publicly exposed, according to Kromtech.
They were left exposed despite the firm having been notified about the error by another security researcher back in February.
The leaked info apparently included names, phone numbers for users and their trusted contacts, passwords, gender, email addresses for users and trusted contacts, and information about their cars including VIN, Connect IDs, and more.
“In this particular case, the information leaked could potentially give an attacker access to everything on that phone, but specifically regarding this app when paired with a Connected Device: where someone’s car is currently located, where they went, where they typically drive, how they drive, and where they start and stop,” Kromtech explained.