Do you have a Toyota with a cell phone app?

On October 7, 2022, Toyota Motor Corporation made an announcement that the personal information of approximately 296,000 consumers had been compromised.

The Toyota T-Connect system enables owners of Toyota automobiles to link their cell phones to their vehicles. By doing so, users can monitor the status of their engines, listen to music, navigate, and track fuel consumption.

 

Toyota T-Connect exposed

Recently, Toyota discovered that a source code section was published on GitHub. Included in the source code were access keys to the T-Connect data server.

Anyone possessing these keys could gain access to the T-Connect data server. The data server stores customers' email addresses when they register through the T-Connect application. Due to this, unauthorized third parties could access the records of customers between December 2017 and September 2022.

The database keys were updated on September 17, 2022, to prevent any other unauthorized access.

The compromised information did not include the consumers' personal information, such as their names, credit card numbers, or phone numbers.

In addition, Toyota issued an apology for any inconvenience caused by the improper handling of customer information and stated that a subcontractor was responsible for the mistake.

There are no indications that data has been misused. However, the Japanese automobile manufacturer cannot rule out the possibility of the information being accessed and stolen.

 

My perspective

T-Connect users enrolled between July 2017 and September 2022 are cautioned to avoid accepting email attachments from unknown senders. Threat actors may attempt to commit phishing attacks by posing as Toyota officials.

 

"You've got to ask yourself one question…
Do I feel lucky? Well, do ya punk?"

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

 

Contact me if you would like me to speak to your association