Key Takeaways: The Toyota Data Leak

  • Toyota Motor Corporation experienced a data breach affecting 2,150,000 customers.
  • The breach resulted from a misconfigured cloud database, allowing unauthorized access without a password.
  • Data exposed included car location information from services like T-Connect G-Link and G-BOOK since 2012.
  • No evidence of data misuse has been found yet, but real-time tracking of 2.15 million Toyota cars could be feasible.
  • The leaked data does not include personally identifiable information but could potentially compromise privacy if exploited.
  • Toyota plans to issue individual apologies, establish a dedicated call center, and investigate the breach further.
  • This isn’t Toyota’s first data breach; they’ve also faced challenges with physical security vulnerabilities in their vehicles.
  • Despite hurdles, Toyota remains committed to hydrogen and electric vehicle development.

Toyota Data Leak: The Geolocation of 2.1 Million People at Risk

Toyota Motor Corporation has suffered from a data breach resulting in the exposure of the car location information of 2,150,000 customers.

The company’s Japanese newsroom released a security notice on Friday, revealing that the breach was due to a database misconfiguration that allowed anyone to access its contents without a password.

“It was discovered that part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation to manage had been made public due to misconfiguration of the cloud environment,” a rough translation of the statement reads.

“After the discovery of this matter, we have implemented measures to block access from the outside, but we are continuing to conduct investigations, including all cloud environments managed by TC. We apologize for causing great inconvenience and concern to our customers and related parties.”

The leaked data belonged to the customers of the company who signed up for its main cloud service platforms since 2012.

More specifically, the exposed data was connected to customers who used the company’s T-Connect G-Link, G-Link Lite, or G-BOOK services between January 2, 2012 – April 17, 2023.

T-Connect is Toyota’s in-car smart service that provides customers with voice assistance, on-road emergency help, customer service support, and car status and management.

The misconfigured database exposed the in-vehicle GPS navigation terminal ID number, chassis number, and vehicle location information with time data.

Leaked Data Could Reveal Real-Time Location of 2.15M Users

Toyota confirmed that there was no evidence of data misuse, but noted that unauthorized users could have accessed the historical data and possibly the real-time location of 2.15 million Toyota cars.

The exposed details do not constitute personally identifiable information, meaning that unless the attacker knew the car’s VIN (vehicle identification number), it would not be possible to use this data leak to track individuals.

However, someone with enough motivation and physical access to a vehicle could theoretically exploit the decade-long data leak for location tracking.

A second statement from Toyota, posted on the Japanese ‘Toyota Connected’ site, mentioned the possibility of video recordings taken outside the vehicle being exposed in this incident.

The period of exposure for these recordings was from November 14, 2016, to April 4, 2023, which is almost seven years. Although this would not severely affect the car owners’ privacy, it depends on the conditions, time, and location.

Toyota to Set Up Dedicated Call Center for Impacted Users

Toyota promised to send individual apology notices to impacted customers and set up a dedicated call center to aid their queries and demands.

Earlier, in October 2022, Toyota informed the customers of another long data breach that resulted from exposing a T-Connect customer database access key on a public GitHub repository.

This enabled an unauthorized third party to access the details of 296,019 customers between December 2017 and September 15, 2022.

More recently, it was also revealed that criminals are using specially crafted devices that plug into the wiring behind the headlight or taillight of Toyota models to bypass the electronic security on modern cars, allowing them to unlock, start, and drive away victims’ cars.

As reported, Toyota has recently revealed that hydrogen will remain a top priority despite the company’s increasing efforts to develop and produce more compelling all-electric vehicles.

Read More:

What's the Best Crypto to Buy Now?

  • B2C Listed the Top Rated Cryptocurrencies for 2023
  • Get Early Access to Presales & Private Sales
  • KYC Verified & Audited, Public Teams
  • Most Voted for Tokens on CoinSniper
  • Upcoming Listings on Exchanges, NFT Drops