Exposed more than 260,000 Navionics customer data

Security researcher Bob Diachenko discovered, on September 10, 2018, a misconfigured MongoDB database with 19 GB of exposed data. The database belonged to Navionics, an Italian electronic navigational chart company recently acquired by Garmin.

The data set contained the records of 261,259 unique clients, including e-mail addresses, names in some cases, purchased products IDs and user IDs, as well as application version and platform used, device ID, longitude and latitude, boat speed, navigation device, horizontal accuracy and other navigation details.

Bob Diachenko contacted Navionics on September 11, 2018 to report the security breach, and that same day the database was secured.