Honda Motor Company leaks database with 134M rows of employee computer data (rainbowtabl.es)
14 points by valiant-comma 83 days ago | 3 comments

Good work!

What I personally find "unbelievable" is that one needs to go to Twitter to find contacts (a human) or the security team.

I mean, how difficult can it be (or how much does it cost) to have a "security@company_name.com" mail address and actually monitor it (particularly for large companies that actually have a security team)?

On a very minor-minor scale, a few years ago, while I was looking for some information on the settings of a router, I happened to find (no Shodan, a normal Google search) a number of instances of that given router's "homepage" that were:

1) accessible from the internet

2) set with "admin" as password

All in all I found some twenty or so of those. Since the model was more "SOHO" than "enterprise", I managed to contact all the people at the "small firms" involved; the exceptions were two (large, international) companies. In the end I found a way to contact one of the two; the other one was simply impossible.

Great job, @xxdesmus.

I was surprised to find out that Kibana doesn't have any access authorisation out of the box, which results in cases like this in companies, where security is treated poorly (by and large, most Japanese companies).

Author of the post here -- happy to answer any questions.
