Skip to main content

Navionics breach exposed hundreds of thousands of boat owners’ data

Navionics parent company Garmin fixed a database misconfiguration that exposed hundreds of thousands of boaters’ information to anyone who knew where to look.

A white hat security researcher — an ethical hacker who scans for security risks — notified Garmin about the misconfiguration in a Navionics backup database by MongoDB, one of the most widely used database providers in the world.

“The security researcher informed us that he accessed the database and downloaded a limited sample of data, which included a small number of customer email addresses and nicknames,” Garmin spokeswoman Carly Hysell told Trade Only Today.

No other customers were affected, Hysell said. “Once notified, we immediately investigated and resolved the vulnerability,” Hysell said. “We confirmed that none of the records or data were otherwise accessed or exfiltrated, and none of the data was lost.”

According to Tech Crunch, Bob Diachenko — Hacken.io’s newly appointed director of cyber risk research — said in a blog post that the 19 gigabyte Navionics database contained 261,259 unique records. The database had customer names, email addresses and navigational information.

“Navionics takes data protection very seriously, and we are grateful that Mr. Diachenko notified us of this misconfiguration using the responsible disclosure model,” Hysell said.

The breach is one of a string of MongoDB-based exposures, Tech Crunch said.

The database was designed to sit behind firewalls and was not automatically password-protected. Since more database are connected directly to the Internet, MongoDB refreshed its software to include a password by default, but many outdated installations are still unsecured, the publication said.

MongoDB databases have been hacked and had their contents downloaded and wiped, then held for ransom.

Related

1_WHALESACTION

NMMA: Proposed Speed Rule an ‘Existential Threat’ to Industry

The association is calling on every marine brand, employee and boat owner to file public comment by Oct. 31 over a sweeping regulation to protect North Atlantic right whales.

1_AXOPAR

Axopar and Nimbus Renew Agreement

The boatbuilders have entered an agreement whereby Nimbus Group will retain exclusive rights to sell Axopar boats on the Swedish market.

1_IAN

Hurricane Ian Leaves Devastation in Florida

The storm left a wide swath of destruction, heavily impacting marine interests from Tampa Bay to Marco Island.

Norm

Email Is Your Ticket to Holiday Sales

Developing an effective email campaign can bolster sales and help fill winter coffers at your dealership.

1_NMRA

NMRA Presents Annual Awards

Edson CEO Will Keene and ComMar Sales president Tim Conroy were recognized for their contributions to the marine industry.

1_ PULSE.PING.2

DEALERS: Are Interest Rates Impacting Demand?

This month’s Pulse Report survey asks dealers whether interest rate increases are causing a downturn in boat sales. Take the survey here.

1_EPROPULSION

EPropulsion, Mack Boring Partner with Crest

Pontoon builder Crest will use an ePropulsion Navy 3.0 Evo electric outboard motor and an E175 battery for its 2023 Current model.

1_BENETEAU

Beneteau Reports Significant H122 Growth

The company reported that its revenue grew 8.6 percent and income increased by 30 percent during the first half of 2022.