Date: 2022-10-12

No company is immune to attackers trying to steal customer information. This is exactly what has happened to Toyota Motor Corporation, which has reported that the personal information of its customers may have been exposed after an access key was left on GitHub for 5 years.

The affected customers are those who use the Toyota T-Connect application, which lets them connect their mobile phone to the car to configure the entertainment system and access the car's driving data. Part of the source code for this app was found to have been posted publicly on GitHub, with access to Toyota's servers included.

Toyota informs its customers of a possible security problem

From that moment Toyota began to investigate and determined that there was a real risk that customer information had been leaked to a third party. However, since it found no strange records on the server itself, it could not confirm this with total certainty. It also determined that 300,000 customers could be affected between December 2017 and September 2022.





In this announcement, Toyota wanted to make it clear that neither credit card details nor phone numbers have been exposed, since they were not on that server. The email or the password of the application itself, however, may have been, and these can be used for commercial purposes.

Incredible as it may seem, these cases are really common. When developers create an application, they generate a credential that gives convenient access to the service and to configuration updates. The problem arises when, at the end of development, this credential is not removed properly and ends up on GitHub, where a scan for secrets can find it. But worst of all is that this information has been circulating for 5 years without anyone noticing until September.
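A check of the kind that catches a leftover credential before it is pushed, as an added example that is not Toyota's code or tooling: it scans the added lines of a diff for credential-like variable names holding long, high-entropy literals. The sample diff, file name, variable names, key values and thresholds are all constructed for illustration.

```python
import math
import re

# Constructed sample of what `git diff --cached` might show before a push.
# File name, variable names and values are made up for this example.
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,3 +1,5 @@
 SERVER_URL = "https://api.example.invalid"
+ACCESS_KEY = "q7Zp2LxV9mT4kRw8Yb3NcH6sJd1Ff5Ga"
+API_TOKEN = "changeme"
-OLD_SECRET = "h2Kd8Qw4Zx6Vb1Nm9Lp3Rt7Yc5Gf0Js"
+TIMEOUT_SECONDS = "30"
"""

# A name that suggests a credential, assigned a quoted literal value.
ASSIGNMENT = re.compile(
    r"""(?i)\b([\w.-]*(?:key|secret|token|passw(?:or)?d)[\w.-]*)\s*[:=]\s*["']([^"']+)["']"""
)

def shannon_entropy(value: str) -> float:
    """Bits per character: random keys score high, words and placeholders low."""
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def find_hardcoded_secrets(diff_text, min_length=16, min_entropy=3.5):
    """Return (file, variable) for each added line that hard-codes a likely secret."""
    findings, current_file = [], None
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            current_file = re.sub(r"^b/", "", line[4:])
            continue
        if not line.startswith("+"):
            # Context and removed lines are not introduced by this change.
            # A removed secret still lives in history and must be rotated.
            continue
        for name, value in ASSIGNMENT.findall(line[1:]):
            if len(value) >= min_length and shannon_entropy(value) >= min_entropy:
                findings.append((current_file, name))
    return findings

if __name__ == "__main__":
    for path, name in find_hardcoded_secrets(SAMPLE_DIFF):
        print(f"{path}: possible hard-coded credential in {name}")
```

Deleting a flagged line in a later commit does not undo the exposure, because the value stays in the repository history; the credential itself has to be revoked and reissued.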

Toyota is now asking customers to be cautious with the emails they receive, since these may be genuine phishing attempts. This recommendation applies mainly to registrations made in the application between 2017 and 2022. If this is your case, we recommend that you change your password and be very careful with everything that reaches your inbox.

Source | Toyota