Toyota Motor Corp has discovered that the personal data of more than 296 thousand of its customers could be in the hands of intruders. As reported by Reuters with reference to the company’s statement, drivers registered in T-Connect, a telematics ecosystem that informs the user about the condition and location of the car, were hit. Names, phone numbers, and even payment details were under threat.
Data from the accounts of private clients who joined T-Connect in July 2017 were exposed to the risk of leakage. Toyota reports that since then, 296,019 users have visited the service’s website under their own e-mail.
The statement says that Toyota cannot confirm that a third party has gained access to user data: there is no information about this on the T-Connect server. At the same time, the company cannot deny that the information could have ended up in the wrong hands.
Toyota denies the leak of “sensitive” information. Also, the company has not yet received complaints in connection with the misuse of leaked email addresses — spam, phishing, and other unwanted emails.
The reason why Toyota doubted the security of user data was the actions of the contractor who developed the T-Connect website. It turned out that he accidentally uploaded part of the source code containing data from December 2017 to September 15, 2022, with shared access settings. This oversight could have been exploited by intruders.