Toyota Motor Corporation today confirmed that vehicle data of about 2.15 million users was publicly accessible in Japan for about 10 years from November 2013 to mid-April 2023.
Reuters first reported the news, with Toyota spokesman Hideaki Homma stating that the issue with Toyota’s cloud-based connected service only affects Japanese vehicles. The service provides vehicle owners with maintenance reminders, entertainment streaming and emergency assistance.
Although no reports of compromised issues have surfaced, the compromised data includes vehicle identification numbers, location history, and video footage captured by the vehicle’s dashcam.
Toyota claims this information cannot be used to identify individual owners. Still, about 2.15 million users of services like G-Link, G-Book and Connected are affected. The company has now confirmed that it has fixed the system issue, assuring customers that their Connect-enabled vehicles will be safe to drive without the need for repairs.
“Toyota is the latest victim of human error and the enormous risk it poses to organizations,” commented Camellia Chan, CEO and founder of security software company X-Phy.
“Often, companies make trouble for cybercriminals by not configuring their networks properly, but in this case, what should have been private cloud data was highly exposed,” said a Toyota spokeswoman. commented that the data had been exposed for almost a decade because “there was a lack of a positive detection mechanism” to identify the error.
Mark Stockley, senior threat researcher at Malwarebytes, agrees with Chan, noting that the proliferation of cloud and NoSQL data storage has resulted in numerous incidents of data breaches on platforms such as Amazon S3, Elastic Search, and MongoDB. said it does.
Read more about a similar breach: Medical service exposed 12,000 confidential patient images
“Software vendors like Amazon have worked hard to make this kind of thing harder, so it’s not as easy as it used to be. But we can go public because there are situations where we actually want to go public,” Stockley added.
“As announced by Toyota, companies can invest in monitoring and auditing cloud services and configurations to avoid accidental leaks. helps identify the.”
The announcement comes months after Toyota warned that about 300,000 customers may have had their personal data compromised because their access keys had been exposed on GitHub for nearly five years.
Editorial image credit: JuliusKielaitis / Shutterstock.com
