Navionics breach exposed hundreds of thousands of boat owners’ data

Navionics parent company Garmin fixed a database misconfiguration that exposed hundreds of thousands of boaters’ information to anyone who knew where to look.

A white hat security researcher — an ethical hacker who scans for security risks — notified Garmin about the misconfiguration in a Navionics backup database by MongoDB, one of the most widely used database providers in the world.

“The security researcher informed us that he accessed the database and downloaded a limited sample of data, which included a small number of customer email addresses and nicknames,” Garmin spokeswoman Carly Hysell told Trade Only Today.

No other customers were affected, Hysell said. “Once notified, we immediately investigated and resolved the vulnerability,” Hysell said. “We confirmed that none of the records or data were otherwise accessed or exfiltrated, and none of the data was lost.”

According to TechCrunch, Bob Diachenko — Hacken.io’s newly appointed director of cyber risk research — said in a blog post that the 19-gigabyte Navionics database contained 261,259 unique records. The database had customer names, email addresses and navigational information.

“Navionics takes data protection very seriously, and we are grateful that Mr. Diachenko notified us of this misconfiguration using the responsible disclosure model,” Hysell said.

The breach is one of a string of MongoDB-based exposures, TechCrunch said.

The database was designed to sit behind firewalls and was not automatically password-protected. Since more databases are connected directly to the Internet, MongoDB refreshed its software to include a password by default, but many outdated installations are still unsecured, the publication said.

MongoDB databases have been hacked and had their contents downloaded and wiped, then held for ransom.
