Japanese giant Toyota Motor Corporation disclosed in a statement that nearly 300,000 customers may have had their personal data leaked, after a third party mistakenly uploaded part of the T-Connect source code to their GitHub account while it was set to be public in December 2017. The source code contained the access key to a data server that stored customer email addresses and management numbers. This made it possible for an unauthorized third party to access the details of 296,019 customers between December 2017 and September 15, 2022, when access to the GitHub repository was restricted. The server contained customer email addresses and management numbers.
T-Connect is an app developed by the company that allows car owners to control the vehicle’s infotainment system and monitor the access of the vehicle
The silver lining to the data leak is that customer names, phone numbers, credit cards, etc., were not exposed. With no additional personal information about the user, threat actors cannot tailor their social engineering efforts while carrying out phishing attacks, making them a bit less severe.
Read more about it here.