Garmin-owned navigation unit exposed thousands of boat owners’ data

0
260
A ship carrying shipping containers passes under the Fatih Sultan Mehmet Bridge while navigating the Bosphorus Straits in Istanbul, Turkey, on 8 August 2018. (Photo by Diego Cupolo/NurPhoto via Getty Images)

Navionics, an electronic navigational chart maker owned by tech giant Garmin, has secured an exposed database that contained hundreds of thousands of customer records.

The MondoDB database wasn’t secured with a password, allowing anyone who knew where to look to access and download the data.

The company’s main products give boat, yacht and ship owners better access to real-time navigation charts, and boasts the “world’s largest cartography database.”

Bob Diachenko, Hacken.io’s newly appointed director of cyber risk research, said in a blog post that the 19 gigabyte database contained 261,259 unique records, including customer names and email addresses. The data also and information about their boat — such as latitude and longitude, boat speed and other navigational details — which Diachenko said likely updating in real-time.

After Diachenko contacted the company, Navionics shut down the server. A spokesperson did not return an email requesting comment.

It’s the latest in a string of MongoDB-based exposures. For years, the database was designed to sit behind firewalls and was not automatically password protected. Since more database have become connected directly to the internet, MongoDB refreshed its software to include a password by default. But many outdated installations are still unsecured.

Many exposed MongoDB databases have been accessed by hackers, had their contents downloaded and then wiped, and held to ransom.

MongoDB is one of the most widely used database providers in the world.

Source: TechCrunch

To Read Our Daily News Updates, Please visit Inventiva or Subscribe Our Newsletter & Push.

More from our site

READ  In its first cyberoperation against Russian trolls, U.S. takes a gentle approach

Comments

comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.