Toyota T-Connect

2022: Recognition of 300 thousand customers and software sources in data leakage

On October 7, 2022, Toyota Motor Corporation issued a notice that third parties could gain unauthorized access to a database with information about approximately 296,000 customers of the company.

We are talking about users of the Toyota T-Connect telematics service. It allows you to connect your smartphone to the on-board infotainment complex of the car for making calls, listening to music, navigation, etc. In addition, using a mobile application, you can view statistics, control fuel consumption, etc.

Toyota admitted to data breach

It is reported that due to the fault of the contractor responsible for creating the platform, T-Connect, part of the source code of the system, along with the access key to the database server, ended up on the GitHub website. Toyota does not confirm the leak of information, but it cannot completely exclude this possibility either.

During the investigation of information security experts, it was established that a third party could gain access to a data server where customer email addresses and manager identifiers are stored. While we cannot confirm unauthorized access, we also cannot completely deny it, the Japanese automaker said in a statement.

Third parties could theoretically have at their disposal the email addresses of T-Connect users who registered from December 2017 to September 15, 2022. The problem could affect a total of 296,019 customers of the company. They may encounter phishing and spam.

It is emphasized that the database does not contain confidential information such as user names, their phone numbers and bank card numbers. On September 17, 2022, the keys of the database were changed, so that now unauthorized access of third parties to it is excluded.^[1]

Notes

Шаблон:Remarks