Navionics data breach exposes hundreds of thousands of boaters

By Tony Esposito
Wed Oct 10 2018, 14:03 PM

Latest breach is one of many exposures resulting from use of the MongoDB database

Hundreds of thousands of boaters who use Navionics electronic navigational charts had personal data – including names and email addressed – exposed to any would-be hacker who knew where to look.

Navionics, which is own by Garmin, has secured the exposed database and began notifying customers of the potential breach on Monday.

According to reporting in BCW and Tech Crunch, this latest breach is one of many exposures resulting from use of the MongoDB databases, which have been hacked and had their contents downloaded and wiped, then held for ransom.

The database was designed to sit behind firewalls and was not automatically password-protected. Since more databases are connected directly to the Internet, MongoDB refreshed its software to include a password by default, but many outdated installations are still unsecured.

The breach was discovered by a cyber risk research firm that contacted Garmin, at which time the server was shutdown.