IOTW: Toyota admits to data breach after access key is posted on GitHub

The data of over 296,000 users may have been accessed in the breach


Car manufacturer Toyota has issued a statement and an apology after it was discovered that third parties may have gained unauthorized access to customer details between December 2017 and September 15, 2022. 

The incident concerns T-Connect, an app that allows customers to connect their phone to their car. Any customer who registered during this period is at risk of their data having been accessed, meaning the data of up to 296,019 customers may have been leaked. The information that could have been accessed is limited to email addresses and customer management numbers; more sensitive personal information, including payment card details, names and addresses, was not exposed.

Following a security investigation, Toyota said in a statement that while it “cannot confirm access by a third party based on the access history of the data server where the customer's email address and customer management number are stored, at the same time [it] cannot completely deny it”.

Toyota also said that it will be individually notifying all those who were affected by the breach. Customers can check via a form on its website if their email was involved in the breach and Toyota has set up a dedicated call center to address questions and concerns from customers.

How did the breach take place?

On September 15 of this year, Toyota confirmed that a section of the source code for the T-Connect site had been posted on GitHub, a source code repository, in December 2017. As the source code contained an access key for the server, this may have allowed unauthorized access to customer data for the past five years. 

Toyota believes that the access key was exposed by mistake: a developer uploaded the source code containing it to a GitHub repository on their own profile that was set to ‘public’, in violation of the company's data handling rules.

The mistake went unnoticed until September. In a statement, Toyota apologized for the oversight, saying that “[it] once again recognize[s] that the proper handling of customers' personal information is an important social responsibility of a company” and that they will make efforts towards rectifying the mistake.

After the breach was discovered, the source code was made private and the access key was reset. According to Toyota, “no secondary damage has been confirmed” as a result of the leak; however, it has warned customers that they may be at a higher risk of spam or phishing emails and should be vigilant when dealing with suspicious messages.
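The root cause described above is a credential committed into source code that later became public. As an added example that is not Toyota's or GitHub's code, the following Python check does what a pre-commit hook or CI step in this position would do: it scans a constructed source snippet for assignments of key-, secret-, token- or password-like names to long, high-entropy string literals, skipping templated placeholders and ordinary low-entropy config values. GitHub's own secret scanning and push protection perform a similar role on the hosting side. The variable names, the fake key value, the keyword list and the entropy threshold are all constructed for this example.

```python
import math
import re

# Assignment of a secret-looking variable name to a quoted literal of 8+ characters.
# Keyword list, length floor and entropy threshold are this example's own choices.
ASSIGNMENT_RE = re.compile(
    r"(?P<name>[A-Za-z0-9_.\-]*(?:key|secret|token|password|passwd)[A-Za-z0-9_.\-]*)"
    r"\s*[:=]\s*[\"'](?P<value>[^\"'\s]{8,})[\"']",
    re.IGNORECASE,
)

# Values that are clearly templates or placeholders rather than live credentials.
PLACEHOLDER_RE = re.compile(
    r"^(?:\$\{[^}]+\}|<[^>]+>|x{3,}|changeme|your[-_]?\w*)$", re.IGNORECASE
)


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts: dict = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_hardcoded_secrets(source: str, min_entropy: float = 3.5) -> list:
    """Return one finding per line that assigns a high-entropy literal to a
    key/secret/token/password-like name. Placeholders and low-entropy values
    (ordinary words, config flags) are ignored to keep the noise down."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in ASSIGNMENT_RE.finditer(line):
            value = m.group("value")
            if PLACEHOLDER_RE.match(value):
                continue
            entropy = shannon_entropy(value)
            if entropy >= min_entropy:
                findings.append(
                    {"line": lineno, "name": m.group("name"), "entropy": round(entropy, 2)}
                )
    return findings


# Constructed sample source; the key value is fake and this is not T-Connect code.
SAMPLE_SOURCE = """\
# constructed sample, not real application code
SERVER_ACCESS_KEY = "AKFAKE9Q2Z7LM4XP8TBV3NRWJ6"   # hard-coded long-lived credential
DB_PASSWORD = os.environ["DB_PASSWORD"]           # read from the environment: fine
api_token = "${API_TOKEN}"                        # templated placeholder: fine
password = "changeme"                             # placeholder: fine
token_kind = "bearer_v1"                          # low-entropy config value: fine
"""


if __name__ == "__main__":
    for f in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {f['line']}: possible hard-coded secret in {f['name']} "
              f"(entropy {f['entropy']} bits/char)")
```

Run against the sample, only the `SERVER_ACCESS_KEY` line is reported; the environment lookup, the `${API_TOKEN}` template, the `changeme` placeholder and the low-entropy `bearer_v1` value all pass. A check like this catches the common case cheaply, but it is a complement to, not a substitute for, keeping long-lived keys out of source entirely (environment variables or a secrets manager) and rotating any key that was ever committed, as Toyota did here.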

GitHub supply chain attacks

GitHub itself has had cyber security issues in the past. In August 2022, the site suffered a supply chain attack in which a bad actor cloned more than 35,000 GitHub repositories and added malicious code to the copies while keeping their original source code intact.

The malicious code allowed the repositories to collect information on the environment they were executed in. This would allow it to accumulate identifying information on the device it was executed on and the user that executed it, as well as having the potential to collect other sensitive data.

The code could also download additional malware from a third-party site that allowed it to further exploit any application or environment that was using the malicious cloned code originally introduced to the GitHub repositories.

The weaponized code could lead developers to accidentally download the cloned repositories containing the malicious code. If that code were then used in their applications, they would in turn expose their own users to the malware.
