Cybercriminals hacked into the database of American Honda Motor Co., Inc. stealing the names, e-mail addresses and Vehicle Identification Numbers (VIN) of 2.2 million car owners.
The affected automobile owners received an e-mail from Honda last week notifying them of the breach, reported the Columbus Dispatch. It is not known when the database hack occurred.
The e-mail message explained that customers’ identifications were compromised by thieves who gained unauthorized access to an e-mail list initially set up to create a welcome e-mail for new Honda and Acura owners. The welcome e-mail list contained customers’ names and e-mails, as well as online login names and their 17-character VINs.
The hacked Honda list contained no financial information, Social Security numbers or phone numbers, according to Honda.
A separate list of 2.7 million Acura owners' e-mail addresses was also accessed, but that list contained no other personal information.
"Based solely on the information that was accessed, it would be difficult for your identity to be stolen," Honda wrote on its website.
But the fact that a cybercriminal has access to a car owner’s VIN is particularly troublesome to Graham Cluley, senior technology consultant for the security firm Sophos.
More security news from MSNBC Tech & Science
How crooks fake an ATM and steal your money
There's no dearth of sophisticated gear for the aspirational ATM thief. But skimmers don't exactly have an aisle at Wal-Mart. Gizmodo takes a look at the scary Internet black market where fraudsters get their tools — or get swindled themselves.
- Man pleads not guilty to running vast spam network
- Charles Manson had cell phone under mattress
- NYT: China hacked Google, leaked cables say
- How crooks fake an ATM and steal your money
On Sophos' website, Cluley wrote, "The obvious danger is that cybercriminals might use the list to send out e-mails to Honda customers, designed to trick them into clicking on malicious attachments or links, or fool them into handing over personal information. After all, if the hackers were able to present themselves as Honda, and reassured you that they were genuine by quoting your Vehicle Identification Number, then as a Honda customer you might be very likely to click on a link or open an attachment.”
Honda is instructing those impacted by the security breach to change their account passwords, and to be cautious of unsolicited e-mails requesting personal information.
Honda said it does not send e-mails to requesting Social Security numbers or credit card numbers, and if customers receive such a message, they should not divulge that information.
- LoJack Launches Recovery System for Classic Cars
- Identity Theft Protection Services Review
- New Strategies Are Needed to Shield the Most Sensitive Data
© 2012 SecurityNewsDaily. All rights reserved