1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Toyota reports major data leak after access key left open on Gith

    From TechnologyDaily@1337:1/100 to All on Tue Oct 11 23:00:05 2022
    Toyota reports major data leak after access key left open on Github

    Date:
    Tue, 11 Oct 2022 21:42:31 +0000

    Description:
    Almost 300,000 email addresses were exposed, but there's no evidence of misuse, the company claims

    FULL STORY ======================================================================

    Toyota has admitted it mistakenly left a database of around 300,000 customer emails unsecured online, meaning anyone could have accessed private information.

    The leak appears to have affected Toyota's proprietary connectivity app,
    which allows drivers to connect their smartphones with the car, and use the in-car system to make calls, listen to music, use the navigation system, and similar.

    This app, called T-Connect, had a portion of its site source code published
    on GitHub, apparently by mistake, and that portion held an access key to the data server that stored customer email addresses and management numbers. It didnt store customer names, credit card data, phone numbers, or other data that could be used for identity theft. Ripe for phishing

    An email address is enough to launch a phishing attack, though.

    Still, the database contained just shy of 300,000 email addresses and was
    left in the open from December 2017, until mid-September 2022, when Toyota finally managed to restrict access to the repository. Two days later, the
    keys were changed, meaning whoever used them to access the database was no longer able to do so.

    While Toyota laid the blame on a development subcontractor, it did take responsibility for the mishap and apologized to its users. Read more

    Mercedes-Benz USA accidentally leaked customer data


    Your co-workers have probably been involved in a data breach


    Here's our rundown of the best encryption software right now

    The company says there is no evidence of anyone mishandling the data, but still warned customers to be wary of any potential phishing attacks, as it cant claim otherwise with absolute certainty, either.

    "As a result of an investigation by security experts, although we cannot confirm access by a third party based on the access history of the data
    server where the customer's email address and customer management number are stored, at the same time, we cannot completely deny it, the announcement reads.

    Whether or not Toyota wll now face any regulatory fines arising from the incident remains to be seen. These are the best endpoint protection services right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/toyota-reports-major-data-leak-after-access-key -left-open-on-github/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)