- Microsoft IIS Servers Targeted by Lazarus - August 18, 2023
- AI-Powered Hacker Threats - August 18, 2023
- Attacks Against Ukraine and Poland Continue to Use the PicassoLoader Malware - August 18, 2023
According to a security notification posted in the company’s Japanese press, the data breach occurred as a consequence of a database setup error that made it possible for anybody to view the database’s contents without a password.
Privacy Concerns Arise: Toyota’s Customers’ Car Location and Video Footage Leaked in Massive Data Breach
Customers who utilized the company’s T-Connect G-Link, G-Link Lite, or G-BOOK services between January 2nd, 2012, and April 17th, 2023 had their information made public as a result of this issue.
Toyota’s in-car smart service, T-Connect, offers voice assistance, customer care support, administration of the vehicle’s condition, and on-the-road emergency assistance.
The disclosed information does not include any personally identifying information, therefore using this data breach to follow someone would need the attacker to be aware of the VIN (vehicle identification number) of their target’s automobile.
Since a target’s car’s VIN, also known as its chassis number, is readily available, someone with sufficient drive and access to the vehicle could have conceivably used the ten-year data dump to trace the target’s whereabouts.
The chance that video recordings made outside the car may have been revealed in this instance is also mentioned in a second Toyota statement that was posted on the Japanese ‘Toyota Connected’ website.
The recordings’ exposure window, which spans over seven years from November 14th, 2016, to April 4th, 2023.
Again, depending on the circumstances, the timing, and the location, the release of these films would not significantly violate the privacy of the automobile owners.
Toyota has pledged to personally apologize to each affected customer and to set up a special contact center to answer their questions and fulfill their demands.
Between December 2017 and September 15th, 2022, when external illegal access to the GitHub repository was banned, this allowed an unauthorized person to view the information of 296 019 clients.