Toyota Confirms Decade long Data leak
Share this:
Toyota has acknowledged that the vehicle data of approximately 2.15 million users was publicly accessible in Japan for nearly a decade, from November 2013 to mid-April 2023.
As per the Toyota statement- the issue with Toyota’s cloud-based Connected service affects only vehicles in Japan. The service provides vehicle owners with maintenance reminders, entertainment streaming and emergency assistance.
As commented ‘there was a lack of active detection mechanisms’ to identify the mistake, so the data was exposed for almost a decade.
While no reports of issues resulting from the breach have surfaced, the compromised data includes vehicle identification numbers, location history and video footage captured by the vehicle’s drive recorder.
Although, Toyota claims this information cannot be used to identify individual owners. Still, approximately 2.15 million users of services like G-Link, G-Book and Connected have been affected.
The company confirmed it has now fixed the system issue and assures customers that their Connect-enabled vehicles are safe to drive without requiring repairs.
To avoid accidental exposure, companies can invest in monitoring and auditing of cloud services and settings, Penetration testing and red team engagements can also help companies identify exposed data.
This comes months after Toyota warned that nearly 300,000 customers may have had their personal data leaked after an access key was publicly available on GitHub for almost five years.
