Toyota data breach - Database keys exposed publically in GitHub for 5 years

Toyota data breach - Database keys exposed publically in GitHub for 5 years

On October 7th, Toyota revealed a partial copy of their T-Connect source code had been accidentally exposed for 5 years, including access to data for over 290,000 customers.

Read the full article breakdown here: https://s.gitguardian.com/8dh

In 2014, Toyota introduced a new telematics service called T-Connect to customers, offering interactive voice response and allowing drivers to connect to third-party apps. Toyota advertises it as their “connected services that provide safe, secure, comfortable, and convenient services through vehicle communication.”

In December 2017, while working with an unnamed (so far) subcontractor, a portion of the source code for T-Connect was uploaded to a public GitHub repository. Inside the repo there was a hardcoded access key for the data server that manages customer info. Anyone who found that credential could access the server, gaining access for 296,019 customers.

It was not until September 15, 2022, that anyone noticed this repo was public and that customer data was potentially exposed. Toyota has since made the repo private and has invalidated and replaced any affected connection credentials.

Read also more about the Uber Breach 2022: https://s.gitguardian.com/l9q