Toyota Japan confirms decade-long security breach

toyota japan security breach
Onur Demirkol
May 15, 2023
Security
|
0

Toyota Japan has confirmed that due to a cloud misconfiguration, the personal and vehicle information of 2.15 million users was leaked on the internet. Moreover, the information has been on the internet for a decade now, but the company discovered it recently in April.

Customers affected included those who signed up for the T-Connect network service between the beginning of 2012 until April 17. Toyota has apologized to its customers for causing concerns.  According to TechCrunch, Toyota said that the exposed data includes: "registered email addresses; vehicle-unique chassis and navigation terminal numbers; the location of vehicles and what time they were there; and videos from the vehicle’s “drive recorder” which records footage from the car."

It was caused by human error, resulting in a cloud system being configured to public rather than private. Toyota stated that it will implement a system for auditing cloud settings, build up a system for continuously monitoring settings, and properly educate personnel on data management standards. It is unclear what can the bad actors do with this information or if they have already conducted any malicious activities.

Apart from the Toyota drivers who used T-Connect, Lexus users who got their hands on the G-Link app have also been affected by the security breach. According to one of its staff, Japan's Personal Information Protection Commission has been alerted about the event but has declined to disclose any details, in keeping with its policy of not commenting on particular incidents.

Courtesy of: REUTERS/Johanna Geron

The issue began in November 2013

Toyota Japan said that the issue began back in November 2013, which makes it a decade-long security breach. The company noticed it last month, so it lasted until mid-April. “There was a lack of active detection mechanisms, and activities to detect the presence or absence of things that became public,” a spokesperson of Toyota said when asked about why it took the company so long.

Toyota stated that when the vulnerability was detected, precautions were taken to prevent unauthorized access to the data, and an investigation into all cloud environments administered by Toyota Connected Corp started.

Advertisement

Related content

Bitwarden launches passkeys support in mobile apps for Android and iOS

Microsoft publishes new Registry security mitigation for Intel processors (Spectre)

KeePassXC adds support for Passkeys, improves database import from Bitwarden and 1Password

First look at Malwarebytes 5.0

RustDoor malware targets macOS users by posing as a Visual Studio Update

KeePass 2.56 released: options search and history improvements

Previous Post: «
Next Post: «

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Spread the Word

Hot Discussions

Latest from Softonic

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2024 - All rights reserved
Exit mobile version