IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Toyota discovers five-year-old email leak, customers at risk of phishing attacks

Security experts have said the company has no way of knowing whether the emails were accessed

Car manufacturing giant Toyota has admitted that a server containing the data of 296,019 customers was openly-accessible for the past five years.

The company discovered on 15 September that the source code for its T-Connect app and website had been posted on a public GitHub repository in December 2017.

Related Resource

The future of work is already here. Now’s the time to secure it.

Robust security to protect and enable your business

Whitepaper cover with BT logo and title, and businessman looking into the distanceFree Download

Although this in itself was an issue, the issue was compounded with the discovery that the source code included an access key to a data server containing the email addresses of nearly 300,000 customers.

The company has since made the repository private, and changed the access key to the server but the extreme delay in discovering the leak, believed to have been inadvertently made by a third-party developer working on T-Connect, has caused concern.

Customers who had signed up for the company’s T-Connect service since July 2017 are potentially affected by the leak, which exposed email addresses and the customer management number assigned to each customer by Toyota.

Toyota expressed regret for the incident in a blog post and admitted that although there is no evidence that threat actors accessed the information, it cannot be ruled out at this time. 

“Having all the email addresses available will give bad actors the chance to start targeted phishing attacks, personalised to the recipient, and if Toyota does not implement continuous email security and anti-phishing training, this could easily result in a far greater security problem than just the leaked emails,” said Markus Strauss, head of product management at Runecast.

Beyond the impact to customers, data breaches and leaks can cause reputational damage to affected firms. The company has warned affected customers to be wary of suspicious emails, and to look out for telltale signs that they are malicious or part of a wider phishing campaign.

“We have no confirmation of a leak of data beyond this information. There is no impact for our customers in Europe,” Toyota told IT Pro in a statement.

“We sincerely apologise for any inconvenience and concern this may have caused to our customers and will continue to work with our contractors to ensure thorough management of the handling of personal information to provide services that our customers can rely on.”

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation
cyber crime

Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation

25 Nov 2022