Skip to main content
Publish date:

Navionics breach exposed hundreds of thousands of boat owners’ data

Navionics parent company Garmin fixed a database misconfiguration that exposed hundreds of thousands of boaters’ information to anyone who knew where to look.

A white hat security researcher — an ethical hacker who scans for security risks — notified Garmin about the misconfiguration in a Navionics backup database by MongoDB, one of the most widely used database providers in the world.

“The security researcher informed us that he accessed the database and downloaded a limited sample of data, which included a small number of customer email addresses and nicknames,” Garmin spokeswoman Carly Hysell told Trade Only Today.

No other customers were affected, Hysell said. “Once notified, we immediately investigated and resolved the vulnerability,” Hysell said. “We confirmed that none of the records or data were otherwise accessed or exfiltrated, and none of the data was lost.”

According to Tech Crunch, Bob Diachenko — Hacken.io’s newly appointed director of cyber risk research — said in a blog post that the 19 gigabyte Navionics database contained 261,259 unique records. The database had customer names, email addresses and navigational information.

“Navionics takes data protection very seriously, and we are grateful that Mr. Diachenko notified us of this misconfiguration using the responsible disclosure model,” Hysell said.

The breach is one of a string of MongoDB-based exposures, Tech Crunch said.

The database was designed to sit behind firewalls and was not automatically password-protected. Since more database are connected directly to the Internet, MongoDB refreshed its software to include a password by default, but many outdated installations are still unsecured, the publication said.

MongoDB databases have been hacked and had their contents downloaded and wiped, then held for ransom.

Related

Battle on the Great Lakes Rages On

The Icebreaker Wind Turbine Development faces strong headwinds from boating and fishing groups.

Limestone Boat Co. Expands Dealer Network

The company adds four new dealers to its roster, with three to represent Aquasport Boats.

NMEA Announces ‘22 Training Course Schedule

For next year, marine training courses will be offered as virtual and in-person sessions for basic marine electronics installers, and in-person only for advanced installers.

GM Invests $150M in Electric Boat Start-Up

General Motors has acquired a 25-percent stake in Pure Watercraft, a Seattle-based e-propulsion outfit.

Patrick Acquires Marine and RV Seating Maker

The Elkhart, Ind.-based component manufacturer finalized its purchase of Williamsburg Marine and Williamsburg Furniture.

Dealers: Tell Us Your 2022 Retail Outlook

Our monthly Pulse Report survey asks dealers for their outlooks on 2022 retail sales.

Metstrade Wraps

International Marine Networking’s Ben Taylor said a “solid international audience” was on hand at Amsterdam’s RAI Center for this year’s event.