"Toyota Discloses Accidental Leak of Some Customers' Personal Information"

Toyota Motor Corporation is warning customers that their personal information may have been inadvertently exposed after an access key was made public on GitHub for nearly five years. The automaker recently discovered that a portion of its T-Connect site source code had been accidentally published on GitHub. T-Connect is a company-developed app that allows car owners to control their vehicle's infotainment system and monitor vehicle access. The leaked code also included an access key to the data server, which held customer information such as email addresses and management numbers. A development subcontractor leaked the source code. Between December 2017 and September 15, 2022, an unauthorized third party could have accessed Toyota customers' information, affecting 296,019 customers. The GitHub repository was restricted in September 2022, and the keys were changed. Customer names, credit card information, and phone numbers were not compromised because they were not stored in the exposed database. While there are no signs of data misappropriation, the Japanese automaker cannot rule out the possibility that someone accessed and stole the data. T-Connect users who registered between July 2017 and September 2022 may be vulnerable to malicious activities such as scams. This article continues to discuss the cause and potential impact of the leak disclosed by Toyota. 

Security Affairs reports "Toyota Discloses Accidental Leak of Some Customers' Personal Information"