A Garmin-owned navigation company inadvertently exposed customer information

  • Discover
  • cybersecurity
  • data breach alert
  • Industry News
  • security analysis

8 Oct 2018

Navionics, an Italian electronic marine navigation charts company that was recently acquired by Garmin, inadvertently exposed a 19GB product and customer database as a result of a MongoDB misconfiguration.

The Issue

The database was indexed by the Shodan search engine on Sept 9, and we discovered it the next day, on Sept 10.
The dataset contained the records of 261,259 unique customers, including email addresses, names in some cases, purchased product IDs, and user IDs.

The database also contained information such as application version and platform, device ID, longitude and latitude, boat speed, navigation device, horizontal accuracy, and other navigation details.

Hacken’s Actions

As soon as we identified the owner of the data (on Sept 11), we sent a responsible disclosure notification to Navionics, and the data was secured on the same date.

Reached for comment, Navionics stated:

Navionics takes data protection very seriously, and we are grateful that Mr. Diachenko notified us of this misconfiguration using the responsible disclosure model. Once notified, we immediately investigated and resolved the vulnerability. Following our investigation, we confirmed that none of the records or data were otherwise accessed or exfiltrated, and none of the data was lost. Even so, Navionics still notified affected customers via e-mail by October 8, 2018.

Luckily, the database remained intact when we discovered it, so this incident should not affect current Navionics customers. We applaud Navionics/Garmin's rapid response to the issue: they immediately took down that server upon notification and began investigating.

Summing Up

The main takeaway from this is the importance of security at every stage of your development process. It should go without saying that your development network must be one of your most secure networks, because it contains your intellectual property. As we learned from this incident, one never knows when transient firewall rules may inadvertently expose your development machines to the public. In this case, it appears to have exposed only some pieces of personal information, but for others, it could be critical intellectual property or even your entire subscriber base.
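The two settings that turn a MongoDB instance into the kind of publicly indexed, passwordless database described above are the listen address and the authorization mode. The script below is an added example for this post, not code from Hacken or Navionics: it audits a mongod.conf for those two settings, showing a misconfigured file beside a hardened one. The option names (net.bindIp, net.bindIpAll, security.authorization) are real MongoDB configuration keys; the two sample configurations and the minimal YAML reader are constructed for illustration and the reader handles only the flat "key: value" subset that mongod.conf normally uses.

```python
"""Audit a mongod.conf for the settings that most often expose a MongoDB
instance to the internet without authentication (added example; the sample
configurations below are constructed, not taken from any real incident)."""

from typing import Any, Dict, List, Optional


def parse_simple_yaml(text: str) -> Dict[str, Any]:
    """Tiny reader for the indentation-based 'key: value' subset of YAML used
    by mongod.conf. Lists, anchors and multi-line scalars are not supported;
    this is an illustrative helper, not a full YAML parser."""
    root: Dict[str, Any] = {}
    stack = [(-1, root)]  # (indent level, mapping being filled)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        value = value.strip()
        while indent <= stack[-1][0]:  # climb back out of deeper sections
            stack.pop()
        parent = stack[-1][1]
        if value == "":  # a section header such as "net:"
            child: Dict[str, Any] = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value.strip("'\"")
    return root


def get(cfg: Dict[str, Any], dotted: str) -> Optional[str]:
    """Look up 'net.bindIp'-style paths; None when the key is absent."""
    node: Any = cfg
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node if isinstance(node, str) else None


# Addresses that make mongod listen on every interface of the host.
PUBLIC_BIND = {"0.0.0.0", "::", "*"}


def audit_mongod_config(text: str) -> List[str]:
    """Return a list of findings; an empty list means both checks passed."""
    cfg = parse_simple_yaml(text)
    findings: List[str] = []

    if (get(cfg, "net.bindIpAll") or "").lower() == "true":
        findings.append("net.bindIpAll is true: mongod listens on every interface")

    bind_ip = get(cfg, "net.bindIp")
    if bind_ip is not None:
        addrs = {a.strip() for a in bind_ip.split(",")}
        if addrs & PUBLIC_BIND:
            findings.append(f"net.bindIp={bind_ip}: mongod listens on every interface")

    auth = get(cfg, "security.authorization")
    if auth is None or auth.lower() != "enabled":
        findings.append(
            "security.authorization is not 'enabled': anyone who can reach the "
            "port can read and modify every collection"
        )
    return findings


# Constructed sample: the shape of config that ends up indexed by search engines.
WEAK_CONF = """
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0   # reachable from any interface, no auth section at all
"""

# Constructed sample: same server, bound to loopback with authorization on.
HARDENED_CONF = """
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit_mongod_config(conf) or ['no findings']}")
```

Run it against a real mongod.conf by reading the file into `audit_mongod_config`; a clean result from this check is necessary but not sufficient, since a host firewall or cloud security group that opens port 27017 has the same effect as a public bind address, which is exactly the transient-rule scenario the post warns about.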

How Hacken can help

At Hacken, we take security extremely seriously, and all the checks are performed according to the highest standards. If you have any questions about the topic or need a consultation, feel free to contact our Team!

Read also:

An Interview with Bob Diachenko, Hacken’s Director of Cyber Risk Research
Case study: Hacken partners TTC Protocol to Build a Secure Blockchain and Protect Customer Data
FitMetrix exposed millions of customers’ records in a passwordless database
