Automotive giant and car maker Toyota has warned that the personal information of roughly 300,000 customers may have been exposed for close to five years.
The possible exposure relates to T-Connect, an official Toyota app that allows customers to connect their smartphone to their vehicle’s dashboard infotainment system. In a statement, Toyota admitted that a subcontractor developing the T-Connect website inadvertently uploaded part of the site’s source code to a public GitHub repository in December 2017, where it sat undiscovered until last month. This source code contained an access key to a server that stored customer email addresses and customer management numbers that it assigns to each customer.
Toyota said that a total of 296,019 email addresses could have been accessed by anyone who found the access key until the access to the GitHub repository was closed on September 15, 2022. Toyota, which confirmed it has since changed the server’s access key on September 17, said that no other information, such as customer names, phone numbers and credit card information, was affected.
But the company was forced to admit that it could not rule out the possibility of someone having accessed and stolen the data during the five-year span.
“As a result of an investigation by security experts, although we cannot confirm access by a third party based on the access history of the data server where the customer’s email address and customer management number are stored, at the same time, we cannot completely deny it,” Toyota said in a statement.
Toyota advised customers whose details may have been leaked to be on alert for phishing attempts and to avoid opening email attachments from unknown senders that claim to be from Toyota.
A similar security lapse recently led to the leak of a huge amount of sensitive data from Shanghai’s police database, including the names, addresses, phone numbers, national identifications, birthplaces and criminal records of more than 70% of the country’s population — approximately 1 billion Chinese residents.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Flaws in third-party software exposed dozens of Teslas to remote access
