
Honda’s Data Breach Reveals Vulnerabilities in API – Customer Information, Dealer Panels, and Internal Documents at Risk

Honda customers’ personal information, including login credentials, was exposed due to API vulnerabilities. The flaws were discovered by a security researcher who notified Honda. The company has since fixed the issues. The exposed data included customer names, email addresses, phone numbers, and car details. Honda has not found any evidence of data misuse but is still investigating.


Honda’s E-commerce Platform Vulnerable to Unauthorized Access Due to API Flaws

IT Services has discovered that Honda’s e-commerce platform for power equipment, marine, and lawn & garden was vulnerable to unauthorized access by anyone due to API flaws that allowed password reset for any account. Honda is a Japanese manufacturer of automobiles, motorcycles, and power equipment. In this case, only the latter division is impacted, so owners of Honda cars or motorcycles aren’t affected.

IT Services found a security gap in Honda’s systems that allowed unrestricted admin-level data access on the firm’s network. This vulnerability was discovered by a security researcher using the pseudonym ‘Eaton Works’, who is the same individual that breached Toyota’s supplier portal a few months earlier by leveraging similar vulnerabilities.

Eaton Works exploited a password reset API that allowed the password of valuable accounts to be reset, thus providing unrestricted admin-level data access on the firm’s network. According to the researcher, “broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account.”

As a result of this vulnerability, the following information was exposed to the security researcher and possibly to threat actors leveraging the same vulnerability:

  • 21,393 customer orders across all dealers from August 2016 to March 2023 – this includes customer name, address, phone number, and items ordered.
  • 1,570 dealer websites (1,091 of those are active). It was possible to modify any of these sites.
  • 3,588 dealer users/accounts (includes first & last name, email address). It was possible to change the password of any of these users.
  • 1,090 dealer emails (includes first & last name).
  • 11,034 customer emails (includes first & last name).
  • Potentially: Stripe, PayPal, and Authorize.net private keys for dealers who provided them.
  • Internal financial reports.

The above data could be used to launch phishing campaigns or social engineering attacks, or be sold on hacker forums and dark web markets. Also, with access to the dealer sites, attackers could plant credit card skimmers or other malicious JavaScript snippets.

What Are the Potential Risks for UPS Customers After the Data Breach and SMS Phishing Scams?

The recent UPS data breach exposed sensitive information, posing potential risks for UPS customers. With their personal and financial data compromised, customers may experience identity theft, fraudulent transactions, or even financial losses. Furthermore, SMS phishing scams exploiting this breach can deceive customers into sharing more sensitive data, worsening the already dire consequences. Vigilance and caution are essential to mitigate these risks.

Accessing Admin Panels

Eaton Works discovered that the API flaw lay in Honda’s e-commerce platform, which assigns “powerdealer.honda.com” subdomains to registered resellers/dealers. The researcher found that the password reset API on one of Honda’s sites, Power Equipment Tech Express (PETE), processed reset requests without a token or the previous password, only requiring a valid email.

While this vulnerability isn’t present on the login portal of the e-commerce subdomains, the credentials changed through the PETE site still work on them, so anyone could access internal dealership data through this simple attack.

The only missing piece is having a valid email address belonging to a dealer, which the researcher procured from a YouTube video that demoed the dealer dashboard using a test account.

The next step was accessing information from real dealers besides the test account. However, it would be preferable to do so without disrupting their operation and without having to reset the passwords of hundreds of accounts.

The solution the researcher found was to leverage a second vulnerability, which is the sequential assignment of user IDs in the platform and the lack of access protections. This made it possible to access the data panels of all Honda dealers arbitrarily by incrementing the user ID by one until there weren’t any other results. “Just by incrementing that ID, I could gain access to every dealer’s data. The underlying JavaScript code takes that ID and uses it in API calls to fetch data and display it on the page. Thankfully, this discovery rendered the need to reset any more passwords moot,” said Eaton Works.

It is worth noting that the above flaw could have been exploited by Honda’s registered dealers to access the panels of other dealers, and by extension, their orders, customer details, etc.

The final step of the attack was to access Honda’s admin panel, which is the central control point for the firm’s e-commerce platform. The researcher accessed it by modifying an HTTP response to make it appear like he was an admin, giving him unlimited access to the Honda Dealer Sites platform.
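The three weaknesses described above (a password reset that needs only an e-mail address, sequential user IDs with no object-level check, and an admin role trusted from the client side) all come down to missing server-side checks. The following is an added example, not Honda’s code, of a minimal back end that has those checks; all account names, IDs and passwords are constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class User:
    email: str
    role: str                          # "dealer" or "admin"
    password: str                      # plaintext only to keep the example short
    reset_token: Optional[str] = None  # single-use secret, None when not pending

# Constructed accounts keyed by sequential ID, as on the platform described.
USERS = {1: User("dealer-a@example.invalid", "dealer", "pw-a"),
         2: User("dealer-b@example.invalid", "dealer", "pw-b"),
         3: User("admin@example.invalid", "admin", "pw-admin")}
SESSIONS = {}  # session token -> user ID, held server side only

def find_user(email: str) -> Optional[int]:
    return next((i for i, u in USERS.items() if u.email == email), None)

def request_reset(email: str) -> bool:
    """Mint a one-time token; a real system would e-mail it, never return it."""
    uid = find_user(email)
    if uid is not None:
        USERS[uid].reset_token = secrets.token_urlsafe(32)
    return True  # same reply for unknown addresses: no account enumeration

def reset_password(email: str, token: str, new_password: str) -> bool:
    # Knowing the address alone is not enough: the pending token must match.
    user = USERS.get(find_user(email))
    if user is None or user.reset_token is None or \
            not hmac.compare_digest(user.reset_token, token):
        return False
    user.password, user.reset_token = new_password, None  # token is spent
    return True

def login(email: str, password: str) -> Optional[str]:
    uid = find_user(email)
    if uid is None or not hmac.compare_digest(USERS[uid].password, password):
        return None
    session = secrets.token_urlsafe(32)
    SESSIONS[session] = uid
    return session

def get_dealer_panel(session: str, dealer_id: int) -> Optional[dict]:
    # Role and identity come from the server-side session, never from the
    # client; a dealer may read only its own panel, so walking IDs yields nothing.
    uid = SESSIONS.get(session)
    if uid is None or (USERS[uid].role != "admin" and dealer_id != uid):
        return None
    target = USERS.get(dealer_id)
    return None if target is None else {"dealer_id": dealer_id, "email": target.email}
```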

The above was reported to Honda on March 16, 2023, and by April 3, 2023, the Japanese firm confirmed that all problems had been fixed.

IT Services recommends that all Honda dealers review their accounts and take appropriate measures to secure their data. We also recommend that Honda establish a bug bounty program to encourage security researchers to report vulnerabilities responsibly.


Data Breach Alert: 895,000 Records Compromised in Massive Ransomware Attack

Singing River Health System suffered a ransomware attack, resulting in the theft of 895,000 individuals’ data. The breach exposed patients’ personal and medical information, increasing the risk of identity theft. Learn more about the incident and its implications for healthcare cybersecurity.


Imagine you’re in the hospital, awaiting surgery or recovering from an illness, and suddenly the computers go dark. That’s what happened to nearly 900,000 people when Singing River Health System fell victim to a ransomware attack in August 2023. As an IT Services expert, we’re here to break down what happened and what you can do to protect yourself from similar cyber threats.

The Attack on Singing River Health System

Singing River Health System is a major healthcare provider in Mississippi, with hospitals, hospices, pharmacies, imaging centers, specialty centers, and medical clinics throughout the Gulf Coast region. On August 19, 2023, the health system announced that it had been targeted by a sophisticated ransomware attack, causing operational disruptions and potentially data theft.

Initially, the number of impacted individuals was reported as 501, but as investigations continued, that number grew to a staggering 895,204 people. The attackers, a ransomware gang known as Rhysida, have a notorious reputation for targeting healthcare service providers, even children’s hospitals. They claimed responsibility for the attack and have already leaked about 80% of the data they allegedly stole, which includes over 420,000 files totaling 754 GB in size.

What Data Was Exposed?

According to Singing River’s latest update, the exposed data includes:

  • Full name
  • Date of birth
  • Physical address
  • Social Security Number (SSN)
  • Medical information
  • Health information

Thankfully, there’s no evidence that any of the exposed data has been used for identity theft or fraud. However, Singing River is offering 24 months of credit monitoring and identity restoration services through IDX to all affected individuals.

What Can You Do to Protect Yourself?

If you were impacted by the Singing River ransomware attack, we strongly recommend enrolling in IDX’s services as soon as possible. Additionally, take these precautions:

  • Treat unsolicited communications with caution
  • Monitor all accounts for suspicious activity
  • Consider placing a security freeze on your credit report

Remember, cyber threats are constantly evolving, and it’s essential to stay informed and proactive.

Stay Safe and Informed with IT Services

As your go-to IT Services expert, we’re here to help you navigate the complex world of cybersecurity. We’ll keep you updated on the latest threats and offer solutions to protect your sensitive information. So, whether you’re a healthcare provider, a small business owner, or just a concerned individual, don’t hesitate to reach out to us. Together, we can stay one step ahead of cyber criminals.


Helsinki Hit by Data Breach: Hackers Exploit Unpatched Vulnerability

Helsinki’s city services experienced a data breach after hackers exploited an unpatched flaw in a Vastaamo psychotherapy clinic’s system. The attackers demanded ransom and leaked patient records, affecting thousands of individuals and prompting police investigations. Ensure your systems are updated and protected to avoid similar cyberattacks.


Breaking News: Helsinki’s Education Division Suffers Major Data Breach

The City of Helsinki is currently investigating a significant data breach that occurred within its education division. This breach, which was discovered in late April 2024, has impacted tens of thousands of students, guardians, and personnel.

What Happened?

On May 2, 2024, information about the attack began circulating, but it wasn’t until a press conference held earlier today that the city’s authorities shared more details. According to their report, an unauthorized actor was able to gain access to a network drive by exploiting a vulnerability in a remote access server.

Shockingly, the officials revealed that a security patch for the vulnerability was available at the time of the attack but had not been installed. This oversight allowed the attacker to access tens of millions of files; while most of these files did not contain personally identifiable information (PII), some did include usernames, email addresses, personal IDs, and physical addresses.

The Stakes Are High

Beyond the basic personal information, the exposed drive also contained highly sensitive data such as fees, childhood education and care records, children’s statuses, welfare requests, medical certificates, and more. Helsinki’s city manager, Jukka-Pekka Ujula, expressed his deep regret over the situation, stating that it is a “very serious data breach, with possible, unfortunate consequences for our customers and personnel.” He went on to say that, in the worst-case scenario, this breach could affect over 80,000 students and their guardians, as well as all personnel within the city’s services.

What’s Being Done?

Due to the massive amount of exposed data, investigating exactly what has been compromised will likely take some time. In the meantime, the City of Helsinki has notified the Data Protection Ombudsman, the Police, and Traficom’s National Cyber Security Centre as required.

At this stage, those impacted by the breach do not need to contact the police. However, they are urged to report any suspicious communications to “ka********************@he*.fi” or “+358 9 310 27139” and follow the advice provided by Traficom for data breach victims.

Who’s Behind the Attack?

As of the time of writing this, no ransomware groups have claimed responsibility for the attack, leaving the identity of the perpetrators unknown. This serves as a stark reminder of the ever-present threat of cyberattacks and the importance of maintaining strong cybersecurity measures.

Stay Informed and Stay Safe

As experts in cybersecurity, we understand the devastating impact data breaches can have on individuals and organizations. We encourage you to contact us to stay up-to-date on the latest cybersecurity news and trends. Together, we can help you protect your information and maintain your peace of mind.


Australia’s Top Non-Bank Lender Issues Dire Warning of Massive Data Breach

Australian non-bank lender Firstmac has warned customers of a potential data breach. The mortgage provider discovered unauthorized access to its client relationship management system. Firstmac urged clients to remain vigilant and monitor their accounts, while assuring that no financial data was compromised. The company is working with cybersecurity experts to investigate the incident.


Firstmac Limited, a major player in Australia’s financial services industry, recently experienced a data breach. Just one day after the new Embargo cyber-extortion group claimed to have stolen over 500GB of data from the company, Firstmac began warning customers of the incident.

With a focus on mortgage lending, investment management, and securitization services, Firstmac is headquartered in Brisbane, Queensland. The company has issued 100,000 home loans and currently manages $15 billion in mortgages, employing 460 people.

Recently, we came across a sample of the notification letter sent to Firstmac customers, which detailed the severity of the data breach.


The letter explained that an unauthorized third party accessed part of Firstmac’s IT system. Upon detecting the incident, the company immediately took steps to secure their system.

Following an investigation conducted with the help of external cybersecurity experts, Firstmac confirmed that the following information was compromised:

  • Full name
  • Residential address
  • Email address
  • Phone number
  • Date of birth
  • External bank account information
  • Driver’s license number

Despite the breach, Firstmac assured customers that their accounts and funds remain secure, and the company has since strengthened its systems.

Among the security measures introduced is a new requirement for all account changes to confirm the user’s identity using two-factor authentication or biometrics. Customers who received the notice are also provided with free identity theft protection services through IDCare and are advised to remain cautious with unsolicited communications and regularly check their account statements for unusual activity.

New Embargo gang claimed the attack

Australian news outlets reported on the attack on Firstmac in late April, after the Embargo extortion group announced it on its data leak site.

On Thursday, Embargo leaked all data they claimed to have stolen from Firstmac’s systems, including documents, source code, email addresses, phone numbers, and database backups.

Image: Embargo leak of Firstmac data (Source: IT Services)

The new threat group currently only lists two victims on its extortion page, and it’s unclear whether they committed the breaches themselves or bought the stolen data from others to blackmail the owners.

Samples of Embargo encryptors have yet to be found, so it’s unknown if they are a ransomware group or simply focus on extortion.

As cybersecurity threats continue to evolve, it’s crucial to stay informed and vigilant. We encourage you to keep coming back to learn more about the latest developments in cybersecurity and how you can better protect your personal information. Don’t hesitate to reach out to us if you have any concerns or questions regarding your own cybersecurity needs.


Copyright © 2023 IT Services Network.