Toyota Automotive corporation revealed information about the possible leakage of the database of mobile applications T-Connect, which allows you to integrate its own Smartphone with an information system of the car. The incident is caused by the publication on the GITHUB part of the source texts of the site t-pronnect , which included the access key to the server storing personal data of customers. The code by mistake was published in a public repository in 2017 and until mid -September 2022 the leak remained unnoticed.
Using the published key, attackers could access the database containing an email address and control codes of more than 269 thousand users of the T-Connect application. The analysis of the situation showed that the cause of the leak was the error of the subcontractor who was developing the T-Connect website. It is argued that no traces of unauthorized use of the key placed in the public domain were detected, but the company cannot completely exclude the content of the contents of the database into the hands of outsiders. After identifying the problem of September 17, the compromised key was replaced by a new one.