backtop


Print 4 comment(s) - last by C'DaleRider.. on Jan 3 at 3:56 AM


The emails of 4.9 million Honda/Acura customers has been lost by Silverpop. The report of the loss follows similar losses by McDonald's and Walgreens who contracted Silverpop. But this breach was even worse as Honda's 2.2 million subscribers also lost their login info and encrypted passwords.
Users' passwords and login info were also illegally obtained

Honda has posted an online warning and sent an email to 2.2 million customers informing them that a database containing their e-mail addresses, VINs and login information had been stolen.  In addition 2.7 million Acura customers had their emails only stolen.

The storage of the email databases was contracted by Honda and its luxury brand Acura to a third party.  The party was responsible for sending "welcome" emails to new purchasers who had opted to open a OwnerLink or MyAcura accounts.

Several sites (ZDNet and All Things Digital) suggested that the email contractor might be Silverpop Systems, Inc. of Atlanta, Georgia who recently was hacked and had email databases of McDonald's and Walgreens customers stolen.  However, these sites were unable to definitively link Silverpop with Honda/Acura.

We, however, found a press release from September 2009 on Silverpop's site which confirmed Honda as a "premium partner".  The press release describes an award given by Honda to the company, writing:
American Honda Motor Co., Inc. President and CEO Tetsuo Iwamura today presented the company's Premier Partner Award to Silverpop CEO Bill Nussey. The company was recognized for excellence in supporting Honda's email marketing efforts. Silverpop was one of 15 award recipients selected from 46 suppliers nominated by American Honda associates nationwide.

Silverpop® is the world's only provider of both email marketing and marketing automation solutions specifically tailored to the unique needs of B2C and B2B marketers.

"This recognition is a huge honor for us," Nussey said. "Honda, like most of our clients, has a very sophisticated online marketing program, and relies on the innovation and expertise that Silverpop delivers to fully engage with customers. They set their expectations of vendor partners high, and we're proud to have exceeded them."

So that seems like pretty definitive proof to us.  It appears that yet another victim of the Silverpop breach has emerged.  And unlike McDonald's and Walgreens, Honda appears actually to have lost actual user passwords.  It is unknown what kind of encryption scheme Silverpop was using, or whether it salted its passwords.  However, if you bought a Honda and created an account in the recent past, you probably want to change the passwords on any accounts using the same password as your Honda account.

And as we stated with the previous leaks, beware spam and phishing schemes.  The hackers likely had a motive when stealing this information, and that motive may simply have been to amass a large roll of emails to attack via message fraud.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

cloud
By MGSsancho on 12/31/2010 5:38:03 AM , Rating: 5
This is not an attack on cloud technologies or security, this is simply a vendor who failed to do their jobs. It appears they have the money to hire the right personnel to do the job right. Evidently their security is not good enough. Untill we know details we can't say, oh they didn't patch this or they used default this on that. This vendor can not be trusted anymore.




I got the e-mail too
By Darkk on 12/31/2010 3:44:12 PM , Rating: 3
Yep, I got the e-mail from Honda too about the breach. I was like here we go.

I went ahead and changed the password even though the user ID is not associated with anything I use in the wild. Still it had my finanical information which needs to be protected.




Where on Honda's website is this posted?
By dajeepster on 1/1/2011 9:48:11 PM , Rating: 2
...Because i don't see anything.

You would think that they would have posted something on thier website... where is the source?




"We shipped it on Saturday. Then on Sunday, we rested." -- Steve Jobs on the iPad launch

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki