[BreachExchange] JUST IN: Software ‘bug’ exposes Honda employees for a ‘few hours’

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Thu Sep 16 08:33:51 EDT 2021


https://www.daytondailynews.com/local/just-in-hacked-software-exposes-honda-employees-for-a-few-hours/SBKJTHNPRNDV5MYWUUCK4ROD2M/

Honda personal wellness software was recently compromised, exposing the
user identities of nearly 800 Honda employees and their spouses who used
the software in Ohio, the automaker said in a brief statement.

“Limeade, a company that provides employee well-being solutions to Honda,
has notified Honda that a software bug caused some trackable activities on
its well-being website to be viewable by other Honda participants who
joined the same activity,” Honda said in a statement sent to the Dayton
Daily News Wednesday evening.

The software glitch, which Honda said was fixed “within a few hours after
its discovery,” affected about 775 Honda users in Ohio, the company said.

Questions were sent to a Honda representative Thursday. It’s not clear if
users outside Ohio were also affected or how the “software bug” happened.

It appears the exposure may have affected users of a Honda personal
wellness website and software called “Wellbeing,” which calls itself a
“program developed to help (Honda) associates and their spouses improve
their total wellbeing while encouraging them to reach their goals.”

“Examples of tracked activities that could have been viewed by other
participants include the number of steps tracked in a day, hours slept, or
completion of a dental appointment,” the automaker said. “While a
participant’s username could have been viewed by other participants, no
other personally identifiable information, such as a mailing address or
Social Security number, was viewable. All affected participants have been
notified.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210916/dff16d2c/attachment.html>


More information about the BreachExchange mailing list