PSA #3: Honda Owners, Watch Your Email. Very Carefully
It looks like Gawker can find solace in the reassuring fact that they are not the only ones who ended up with a purloined database, containing the privates private details of all their customers. Intimate customer data of Honda has also been robbed and plundered. See, it happens to the best of them.
According to The Nikkei [sub] Honda Motor confirmed the loss of nearly 4.9 million data sets of people who registered on the Honda websites. Hackers made away with 2.2 million names, email addresses and car information of current owners who registered their data on the Honda or Acura websites. According to a shocked cnet, the VINs of these cars were also taken. The blackhats also absconded with 2.7 million names and email addresses of people who had expressed their interest in receiving Acura information.
Also according to the Nikkei “Honda said it has already sent emails to the people affected informing them about the situation and asking them to change their passwords, although the passwords were not among the data that were leaked.”
Not good. What will you do when you receive email to change your password? Click on it, or kill it immediately? And didn’t even non-nerds learn from the Gawker debacle that one doesn’t need the password? It can be deduced from the hashcode.
“The worry is that affected owners, especially those on the list with the VINs, may be targeted for some kind of phishing attack. Imagine getting an e-mail from someone pretending to be your local Honda dealer who correctly identifies the car you just bought and asks you to give up more personal information so that you can get ‘special offers.’ “
Bertel Schmitt comes back to journalism after taking a 35 year break in advertising and marketing. He ran and owned advertising agencies in Duesseldorf, Germany, and New York City. Volkswagen A.G. was Bertel's most important corporate account. Schmitt's advertising and marketing career touched many corners of the industry with a special focus on automotive products and services. Since 2004, he lives in Japan and China with his wife <a href="http://www.tomokoandbertel.com"> Tomoko </a>. Bertel Schmitt is a founding board member of the <a href="http://www.offshoresuperseries.com"> Offshore Super Series </a>, an American offshore powerboat racing organization. He is co-owner of the racing team Typhoon.
More by Bertel Schmitt
Comments
Join the conversation
I received the message from Honda. It makes no mention of VINs being taken. Just that I should be careful of "phishing"emails. below is the text of the warning from Honda, Dear Customer, American Honda Motor Co., Inc. recently became aware of unauthorized access to an email list used by a vendor of customers who receive special offers and newsletters from Acura. We want to assure you that the only information that was obtained was your email address. We apologize for any inconvenience this may cause. As a company, we believe that all customer relationships must be built on trust. That is why we believe it is important to inform you of this incident. You may be aware of attacks on email marketing systems, therefore we want to assure you that we take the safeguarding of your information seriously and that the appropriate authorities have been contacted regarding this incident. Additionally, we have taken steps to minimize this type of exposure in the future. As a company, we encourage you to continue to be aware of the increasingly common email scams that may use your email address to contact you and ask for personal or sensitive information. -- Be cautious when opening links or attachments from unsolicited third parties. Also know that American Honda Motor Co. Inc. will not send you emails asking for your credit card number, social security number or other personal information. If ever asked for this information, you can be confident it is not from us. Again, let us reassure you that we are taking necessary steps to safeguard your personal information. Thank you. American Honda Motor Co., Inc.
Looks like different data from different lists. Mine mentions the VIN American Honda Motor Co., Inc. recently became aware of unauthorized access to an email list used by a vendor to create a welcome email to customers who have an Owner Link or My Acura vehicle account. The data that was obtained included your email address, your name, Vehicle Identification Number (VIN) and User ID. Your password was not included and no other sensitive information was contained in that list.
So I suppose this means that although I sold my Honda three years ago, I'll get inundated with emails describing the following: "According to our records your car might need maintenance soon. Click 'here'or stop in for our xx,xxx mile service" "We have a need for used xx Honda xxxxx models in good condition. According to our records you may be the owner of just such a car. Click 'here' or stop in today for a trade in offer to upgrade to the latest exciting new Hondas!" Wait, this already happens! Happy New Year TTAC! :)
The click here is the problem if it executes scripts or code on your machine. This is a really big deal and provides a new "in" for hackers previously unthought of.