Toyota Motor Corp said on Friday that personal information of about 296,000 customers from its T-Connect service might have been leaked after an access key was mistakenly made accessible to the public on GitHub for nearly five years.
T-Connect is a telematics service offered by Toyota that enables car owners to connect their smartphone to the infotainment system of their Toyota vehicle for phone calls, navigation, notifications integration, music, engine condition, and more.
Toyota recently learned that a section of the source code for the T-Connect website, which included an access key to the server that held users’ email addresses and management numbers, had been accidentally published on GitHub.
Customers who signed up for the service after July 2017 may have been affected, according to the automotive giant.
The automaker says that between December 2017 and 15th September this year, a contractor who developed the T-Connect website accidentally uploaded parts of the source code with public settings.
After discovering the mistake, Toyota immediately made the source code private on GitHub, and on 17th September 2022 it modified the data server’s access key, among other actions.
Based on preliminary investigations, Toyota said it hasn’t found any evidence of unauthorised access to the data server where the details were kept. However, the firm also said that it was not completely ruling out third-party access.
Consumers’ private details, such as names, phone numbers and…
