Royal Enfield Exposed Personal Data of 450K People in Jan: Expert

The exposed data included names, e-mails, phone numbers, passwords, bike information and social network links.

Updated20 Feb 2020, 04:21 PM IST
1 min read

Motorcycle manufacturer Royal Enfield had exposed a database containing personal information of at least 450,000 customers in January, a cyber security analyst disclosed on Twitter on Thursday.

Bob Diachenko, a Ukraine-based expert, told The Quint that he had made a responsible disclosure alert to the company on 19 January following which the vulnerability was patched.

Diachenko, in his tweet, also added that the exposed database also contained information on 1,470 "privileged users" and dealers. The exposed data included names, e-mails, phone numbers, encrypted passwords, motorbike-related information and social network links of individuals.

The encrypted passwords pertain to accounts on the company’s official website. It is unclear how long the database had remained exposed prior to its discovery.

“Without my alert, chances are high that somebody with malicious intents would have wiped out the data or stole it for ransom.”
Bob Diachenko, Independent Cyber Security consultant

Diachenko said that he had discovered a misconfigured MongoDB (a document-oriented database program) which, among other data, contained customer information pertaining to Royal Enfield.

“I discovered 3 IPs (addresses) with misconfigured databases i.e. set up without password/login with what appears to be Royal Enfield’s data,” Diachenko told The Quint.

“We see many cases of ransomware attacks on non protected noSQL databases, so my goal is to be one step ahead of a criminal and alert businesses and organisations on the potential dangers,” he added.

The Quint has reached out to Royal Enfield for its response on the issue. The story will be updated with their official comment.

We'll get through this! Meanwhile, here's all you need to know about the Coronavirus outbreak to keep yourself safe, informed, and updated.

The Quint is now available on Telegram & WhatsApp too, Click here to join.

Published: 20 Feb 2020, 04:12 PM IST

Stay Updated

Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.

Join over 120,000 subscribers!