Rafal Los writes:
Alright, so Honda’s web sites didn’t actually get hacked, but like McDonalds they are on the receiving end of a lump of coal in their stocking for Christmas.
A post on Honda’s “Piloteers.org” website for Honda Pilot owners hints at a data breach at a vendor maintaining a mailing list for customer of My Acura and Honda’s Owner Link websites. From the forums post, it would appear as though SilverPop, the same company that was behind the breach of email addresses and information, also included Honda [likely this is fallout from the SilverPop hack].
Read more of this Following the White Rabbit post on Infosec Island.
Unlike other entities reporting a breach involving an email marketing vendor, Honda says no passwords were acquired or at risk:
American Honda Motor Co., Inc. recently became aware of unauthorized access to an email list used by a vendor to create a welcome email to customers who have an Owner Link or My Acura vehicle account. The data that was obtained included your email address, your name, Vehicle Identification Number (VIN) and User ID. Your password was not included and no other sensitive information was contained in that list.
SilverPop has not publicly named entities affected by the breach, nor have they issued any additional updates since their Dec. 15th statement on their blog.