Security researcher Bob Diachenko researcher discovered a database containing 19 GB of customer records publicly exposed.
The database belongs to Navionics, a Garmin Ltd. company, develops and manufactures electronic navigation charts of marine areas, lakes, and rivers around the world for use in GPS chartplotters and mobile devices. Based in Viareggio, Italy, Navionics operates its US headquarters in New Bedford, MA, and worldwide offices in the UK, India and Australia.
The unsecured database contains information related to its products and customers. According to the researcher, the database was exposed as a result of MongoDB misconfiguration.
The database was indexed by the Shodan search engine on September 9th, and the researcher discovered the database on the next day.
The exposed database contains records of 261,259 unique customers which includes email addresses, some names, purchased products IDs, and user IDs.
The database also contains details about application version, the platform used, device ID, longitude and latitude, boat speed, a navigation device, horizontal accuracy, and other navigation details.
Researcher notified the company about the database on September 11, and the database was secured on the same day itself.
The company said it has investigated the incident and did not find evidence of misuse of data.
The company also said it has notified its customers about the breach through email on October 8th.
“Navionics takes data protection very seriously, and we are grateful that Mr Diachenko notified us of this misconfiguration using the responsible disclosure model. Once notified, we immediately investigated and resolved the vulnerability. “
“Following our investigation, we confirmed that none of the records or data were otherwise accessed or exfiltrated, and none of the data was lost. Even so, Navionics still notified affected customers via e-mail by October 8, 2018” said in the post published by the researcher.
You may be interested in reading:Google Shutdowns Google+ After Bug Exposed User Data of 500,000 Users