The Toyota Motor Corporation recently found two new misconfigured cloud services that revealed customers’ data for over seven years.
The finding emerged when the car manufacturer investigated all its cloud environments following the discovery of a misconfigured server that exposed the location data of more than two million car owners for a decade. Moreover, the company added that part of the data it found contained customers’ information that was potentially accessible to the public.
Toyota revealed that the first exposed cloud service had compromised information since 2016.
According to an investigation, Toyota found that the first exposed cloud service affected their customer information in Asia and Oceania from October 2016 to May 2023.
The confirmed database that resulted in public exposure contained data such as names, addresses, phone numbers, email addresses, customer IDs, vehicle registration numbers, and vehicle identification numbers.
Unfortunately, the car manufacturing firm has yet to clarify how many customers have suffered the effects of the exposed database.
The second misconfigured cloud server exposed information to the public between February 2015 and May 2023. However, the second cloud server contained less sensitive data and more information related to the vehicles’ navigation systems.
The assessment uncovered that the exposed data includes the in-car device ID, map data updates, and data creation dates of about 260,000 customers in Japan. The exposure affected individuals who subscribed to the G-BOOK navigation system with a G-BOOK mx Pro or mx. The company has also claimed that car owners who subscribed to G-Link / G-Link Lite and renewed the Maps using Toyota’s Demand service could have also suffered data exposure from February 2015 to March 2022.
The Japanese carmaker explained that data entries were automatically removed from the cloud environment after a while. Hence, only a limited amount of information was exposed in the meantime.
Furthermore, Toyota believes that if an unauthorised individual accessed the data externally, it would not be sufficient for the attacker to infer identifying details about the customer or to access their vehicle.
The car manufacturer has adopted a system that constantly monitors cloud configurations and database settings across all its infrastructure to prevent these types of issues.