Navionics, a boating company owned by Garmin, recently exposed the data of thousands of customers through a misconfigured MongoDB database. The misconfigured database was discovered just a day after the Shodan search engine indexed the storage system. The database contained 19GB of information regarding products and 261,259 customer records. The records consist of email addresses, and some also included names, user IDs, and purchased product IDs. The database also contained the platform used, application version, longitude and latitude, boat speed, device ID, and other navigational information. Further investigation revealed that the database required no credentials, meaning that anyone could exfiltrate the data. Researchers reported the findings to Navionics on September 11th, and the company secured the database on the same day.