• Fri. Oct 13th, 2023

Toyota Security Breach: Location Data of 2 Million Customers Exposed for 10 Years

Avatar photo

ByEsme Greene

Jul 19, 2023
Toyota security breach: 2 million customers exposed
Esme Greene
Latest posts by Esme Greene (see all)

According to a security notification posted in the company’s Japanese press, the data breach occurred as a consequence of a database setup error that made it possible for anybody to view the database’s contents without a password.

Privacy Concerns Arise: Toyota’s Customers’ Car Location and Video Footage Leaked in Massive Data Breach

Customers who utilized the company’s T-Connect G-Link, G-Link Lite, or G-BOOK services between January 2nd, 2012, and April 17th, 2023 had their information made public as a result of this issue.

Toyota’s in-car smart service, T-Connect, offers voice assistance, customer care support, administration of the vehicle’s condition, and on-the-road emergency assistance.

The disclosed information does not include any personally identifying information, therefore using this data breach to follow someone would need the attacker to be aware of the VIN (vehicle identification number) of their target’s automobile. 

Since a target’s car’s VIN, also known as its chassis number, is readily available, someone with sufficient drive and access to the vehicle could have conceivably used the ten-year data dump to trace the target’s whereabouts.

The chance that video recordings made outside the car may have been revealed in this instance is also mentioned in a second Toyota statement that was posted on the Japanese ‘Toyota Connected’ website.

The recordings’ exposure window, which spans over seven years from November 14th, 2016, to April 4th, 2023.

Again, depending on the circumstances, the timing, and the location, the release of these films would not significantly violate the privacy of the automobile owners.

Toyota has pledged to personally apologize to each affected customer and to set up a special contact center to answer their questions and fulfill their demands.

Toyota notified its customers of yet another massive data breach in October 2022 as a result of posting a T-Connect client database entry key on a public GitHub repo.

Between December 2017 and September 15th, 2022, when external illegal access to the GitHub repository was banned, this allowed an unauthorized person to view the information of 296 019 clients.

Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.