Data breach notice

Toyota discovers five-year-old e-mail leak, customers at risk of phishing attacks

Security experts have said the company has no way of knowing whether the e-mails were accessed

11 October 2022

Car manufacturing giant Toyota has admitted that a server containing the data of 296,019 customers was openly accessible for the past five years.

The company discovered on 15 September that the source code for its T-Connect app and website had been posted on a public GitHub repository in December 2017.

This was an issue in itself, but it was compounded by the discovery that the source code included an access key to a data server containing the email addresses of nearly 300,000 customers.

 


The company has since made the repository private and changed the access key to the server, but the extreme delay in discovering the leak, believed to have been made inadvertently by a third-party developer working on T-Connect, has caused concern.

Customers who had signed up for the company’s T-Connect service since July 2017 are potentially affected by the leak, which exposed e-mail addresses and the customer management number assigned to each customer by Toyota.

Toyota expressed regret for the incident in a blog post and admitted that although there is no evidence that threat actors accessed the information, it cannot be ruled out at this time.

“Having all the e-mail addresses available will give bad actors the chance to start targeted phishing attacks, personalised to the recipient, and if Toyota does not implement continuous e-mail security and anti-phishing training, this could easily result in a far greater security problem than just the leaked e-mails,” said Markus Strauss, head of product management at Runecast.

Beyond the impact on customers, data breaches and leaks can cause reputational damage to affected firms. The company has warned affected customers to be wary of suspicious e-mails, and to look out for telltale signs that they are malicious or part of a wider phishing campaign.

Future Publishing


TechCentral.ie