Toyota Accounts For 300,000 Customer Information Has BEEN STORED For Five Years
JAKARTA - A Japanese automaker, Toyota has finally acknowledged that around 300,000 personal information may have been stolen which lasted nearly five years.
According to the company, the cybercriminal offender stole his customers' data through a vulnerability on the T-Connect, Toyota's official app connecting customers' smartphones to their vehicle's vehicle's infotainment dashboard system.
In its official statement, Toyota acknowledged that the developer of the T-Connect website accidentally uploaded part of the site's source code to the public's GitHub repository in December 2017, where the source code was not found until last month.
This source code contains an access key to a server that stores the customer's email address and the customer's management number given to each customer.
As a result, a total of 296,019 email addresses can be accessed by anyone who finds the key to the GitHub repositories that have been closed on September 15, 2022.
But Toyota confirmed it had changed the server access key on September 17. It stated that there was no other information, such as customer name, phone number, and credit card information affected by the data theft.
Even so, launching TechCrunch, Thursday, October 13, it is possible that someone has accessed and stolen data during the five-year span.
"As a result of an investigation by security experts, although we cannot confirm access by third parties based on the data server access history where the customer email address and customer management number are stored, at the same time, we cannot completely deny it." that," Toyota explained.
Toyota advises customers to remain vigilant against phishing attempts and avoid opening email attachments from unknown senders claiming to be from Toyota.