Data leaked from 296,000 Toyota customers. This is because some of the source code from the Toyota Connect website has been available through a public GitHub account for five years. The source code contained a key that provided access to the client’s data server.
Toyota Connect is an application that allows Toyota owners to see information about their vehicles. Users can create an account through the official website of the application. Car maker clarifies That the relevant GitHub account belongs to the company that created the Toyota Connect website. However, this account turned out to be public. This made the source code publicly available from December 2017 to September 15, 2022, the day Toyota discovered the leak. On the same date, the GitHub account was made private. Two days later, the key in the source code was changed.
The leaked data consisted of email addresses and customer numbers of 296,019 customers. Toyota said other details, such as names, phone numbers and payment details, were not leaked.
The manufacturer says it has conducted research by security experts. It is not yet clear if third parties can access the server. However, Toyota cannot rule out the possibility of the leak being exploited, and so has notified affected customers.
“Total coffee specialist. Hardcore reader. Incurable music scholar. Web guru. Freelance troublemaker. Problem solver. Travel trailblazer.”