Japanese car company Toyota has confirmed that roughly 300,000 customers may have been impacted by a data leak that exposed personal data. According to the car manufacturer, an access key was left publicly available on GitHub for almost five years. The personal information exposed in the leak is customers’ email addresses and customer control numbers of individuals who have used T-Connect. T-Connect is a service that connects customers’ phones to their vehicles via a network.
The data dates back to July 2017, Toyota said. There is currently no evidence that the data was actually accessed by a third party, however, it’s not impossible. However, security researchers have definitely ruled out the possibility of the leakage of names, credit cards, and other sensitive information. The access key was mistakenly uploaded to GitHub by a website development contractor, according to Toyota. Since discovering the leak, the source code has been made private.