Toyota is an international corporation headquartered in Aichi, Japan. Kiichiro Toyoda founded it in 1937, and it has since grown to be one of the largest automotive manufacturers in the world.
The leak was to the Toyota T-Connect app. This app connects Toyota drivers’ smartphones to the technological features in their cars.
The leak resulted from admin access to the Toyota T-Connect app being available on GitHub for almost five years. When the company admitted the leak (letter machine translated), it stated, “It was discovered that the published source code contained an access key to the data server, and by using it, it was possible to access the e-mail address and customer management number stored in the data server.”
This leak began sometime in July 2017 and was finally discovered in September 2022.
The leak impacted many Toyota customers and could have affected nearly all of T-Connect’s users. Any number of bad actors could have accessed the system with how long the code was online. As of June 2022, GitHub had over 83 million users, and many of these users would have had access to the code and the embedded password.
Toyota disclosed that over 296,000 people were affected by the leak. The leak was discovered on September 15th, 2022, and the source codes were immediately changed, hopefully halting further access to the information.