
Honda Motor Company leaks database with 134M rows of employee computer data - valiant-comma
https://rainbowtabl.es/2019/07/31/honda-motor-company-leak/
======
jaclaz
Good work!

What I personally find "unbelievable" is that one needs to go to Twitter to
find contacts (a human) or the security team.

I mean, how difficult can it be (or how much does it cost) to have a
"security@company_name.com" mail address and actually monitor it (particularly
for large companies that actually have a security team)?

On a very minor-minor scale, a few years ago, while I was looking for some
information on the settings of a router, I happened to find out (no Shodan, a
normal Google search) a number of instances of that given router "homepage"
that were:

1) accessible from the internet

2) set with "admin" as password

All in all I found some twenty or so of those. Since the model was more "soho"
than "enterprise", I managed to contact all the people at the "small firms"
involved; the exceptions were two (large, international) companies. In the end
I found a way to contact one of the two; the other one was simply impossible.

------
jesterson
Great job, @xxdesmus.

I was surprised to figure out Kibana doesn't have any access authorisation out
of the box, which results in cases like this in companies where security is
treated poorly (by and large, most Japanese companies).

------
xxdesmus
Author of the post here -- happy to answer any questions.

