By on December 31, 2010

It looks like Gawker can find solace in the reassuring fact that they are not the only ones who ended up with a purloined database, containing the privates private details of all their customers. Intimate customer data of Honda has also been robbed and plundered. See, it happens to the best of them.

According to The Nikkei [sub] Honda Motor confirmed the loss of nearly 4.9 million data sets of  people  who registered on the Honda websites. Hackers made away with 2.2 million names, email addresses and car information of current owners who registered their data on the Honda or Acura websites. According to a shocked cnet, the VINs of these cars were also taken. The blackhats also absconded with 2.7 million names and email addresses of people who had expressed their interest in receiving Acura information.

Also according to the Nikkei “Honda said it has already sent emails to the people affected informing them about the situation and asking them to change their passwords, although the passwords were not among the data that were leaked.”

Not good. What will you do when you receive email to change your password? Click on it, or kill it immediately? And didn’t even non-nerds learn from the Gawker debacle that one doesn’t need the password? It can be deduced from the hashcode.

Cnet sees even darker clouds:

“The worry is that affected owners, especially those on the list with the VINs, may be targeted for some kind of phishing attack. Imagine getting an e-mail from someone pretending to be your local Honda dealer who correctly identifies the car you just bought and asks you to give up more personal information so that you can get ‘special offers.’ “

Get the latest TTAC e-Newsletter!

5 Comments on “PSA #3: Honda Owners, Watch Your Email. Very Carefully...”


  • avatar
    tced2

    I received the message from Honda.  It makes no mention of VINs being taken.  Just that I should be careful of “phishing”emails.
     
    below is the text of the warning from Honda,

    Dear Customer,
     
    American Honda Motor Co., Inc. recently became aware of unauthorized access to an email list used by a vendor of customers who receive special offers and newsletters from Acura. We want to assure you that the only information that was obtained was your email address.
     
    We apologize for any inconvenience this may cause. As a company, we believe that all customer relationships must be built on trust. That is why we believe it is important to inform you of this incident. You may be aware of attacks on email marketing systems, therefore we want to assure you that we take the safeguarding of your information seriously and that the appropriate authorities have been contacted regarding this incident. Additionally, we have taken steps to minimize this type of exposure in the future.
     
    As a company, we encourage you to continue to be aware of the increasingly common email scams that may use your email address to contact you and ask for personal or sensitive information. — Be cautious when opening links or attachments from unsolicited third parties. Also know that American Honda Motor Co. Inc. will not send you emails asking for your credit card number, social security number or other personal information. If ever asked for this information, you can be confident it is not from us.
     
    Again, let us reassure you that we are taking necessary steps to safeguard your personal information.
     
    Thank you.
     
    American Honda Motor Co., Inc.

  • avatar
    Hooferaffa

    Looks like different data from different lists. Mine mentions the VIN
     
    American Honda Motor Co., Inc. recently became aware of unauthorized access to an email list used by a vendor to create a welcome email to customers who have an Owner Link or My Acura vehicle account. The data that was obtained included your email address, your name, Vehicle Identification Number (VIN) and User ID. Your password was not included and no other sensitive information was contained in that list.

  • avatar
    JimC

    So I suppose this means that although I sold my Honda three years ago, I’ll get inundated with emails describing the following:
     
    “According to our records your car might need maintenance soon.  Click ‘here’or stop in for our xx,xxx mile service”
     
    “We have a need for used xx Honda xxxxx models in good condition.  According to our records you may be the owner of just such a car.  Click ‘here’ or stop in today for a trade in offer to upgrade to the latest exciting new Hondas!”
     
    Wait, this already happens!
     
    Happy New Year TTAC! :)

    • 0 avatar
      geozinger

      @JimC: If you think that’s annoying, I still get postcards claiming I need maintenance work done on a pickup truck I bought 12 years ago and traded in 9 years ago. In between the purchase and the trade-in  dates I moved 5 states away. And they still managed to find me.
       
      But somehow they still haven’t gotten the idea that I sold the truck years ago…

  • avatar
    GS650G

    The click here is the problem if it executes scripts or code on your machine. This is a really big deal and provides a new “in” for hackers previously unthought of.


Back to TopLeave a Reply

You must be logged in to post a comment.

Subscribe without commenting

Recent Comments

New Car Research

Get a Free Dealer Quote

Staff

  • Contributing Writers

  • Jack Baruth, United States
  • Brendan McAleer, Canada
  • Marcelo De Vasconcellos, Brazil
  • Vojta Dobes, Czech Republic
  • Matthias Gasnier, Australia
  • W. Christian 'Mental' Ward, Abu Dhabi
  • Mark Stevenson, Canada
  • Cameron Aubernon, United States
  • J Emerson, United States