Toyota is the latest company to experience a major security breach, leaving an important access key on GitHub for five years.
According to BleepingComputer, source code for Toyota’s T-Connect software was left online for roughly five years. T-Connect allows users to connect their smartphone with their cars. The feature integrates phone calls, navigation, notifications, music, and vehicles status information.
Unfortunately, the source code also contained an access key to the server storing customer data, including both email addresses and management numbers. Fortunately, Toyota says customer names, phone numbers, and credit card information were not stored in the same database and remain secure.
The company also claims there is no evidence anyone accessed the data that was stored in the compromised server, but cannot be sure.
“As a result of an investigation by security experts, although we cannot confirm access by a third party based on the access history of the data server where the customer’s email address and customer management number are stored, at the same time, we cannot completely deny it,” explains the company, machine translated by BleepingComputer.