Australian Automotive Incident, 01 June 2023

Toyota does U-turn, confirms thousands of Australian customers hit by latest data breach

Access key was publicly available on GitHub for almost five years

Source: Toyota does U-turn, confirms thousands of Australian customers hit by latest data breach | drive.com.au
Source: Toyota discloses data leak after access key exposed on GitHub | beepingcomputer

News agency Reuters reports, in the latest computer hack, the vehicle data of 2.15 million Toyota customers in Japan – almost all owners who signed up for the company’s cloud services from 2012 – had been “publicly available for a decade due to human error”.

After initially saying Toyota customers in Australia were not affected, the company has since done a U-turn. However, Toyota Australia issued the following statement: “On 12 May 2023, Toyota Motor Corporation confirmed the vehicle data of some users in Japan had been publicly accessible due to an error in the configuration of a cloud-based database.

Toyota discovered recently that a portion of the T-Connect site source code was mistakenly published on GitHub and contained an access key to the data server that stored customer email addresses and management numbers.

This made it possible for an unauthorized third party to access the details of 296,019 customers between December 2017 and September 15, 2022, when access to the GitHub repository was restricted.