Toyota, the world’s largest automaker, recently admitted that it accidentally released access keys to nearly 300,000 users’ data on GitHub, and that some of the users’ personal information may have been leaked for up to five years.

In its apology, Toyota said an outsourced developer responsible for building T-Connect mistakenly posted parts of the source code for the T-Connect website on GitHub in December 2017, which also included storing customer email addresses. and the access key for the data server that manages the number.

The problem, which was not noticed by Toyota until September of this year, means that for nearly five years, unauthorized third parties have had unimpeded access to customer information.

Note: Toyota T-Connect is the automaker’s official program that allows Toyota owners to connect their smartphones to the vehicle’s infotainment system for phone calls, music, navigation, notification integration, driving data, engine status , fuel consumption and other functions and information control and access.

After discovering the problem, Toyota made the warehouse private for the first time, and modified the key of the database in time, which has solved the potential problem.

The database involved in this incident only stored users’ email addresses and customer management numbers, which were not leaked because data such as customer names, credit card data and phone numbers were stored in another database.

Although those sensitive information has not been leaked, users also need to pay attention to recently received emails, and do not click on emails from unknown senders at will, in case hackers pretend to be Toyota officials and send phishing emails to users.

Toyota said:

We will send separate apologies and notices to any customers who may have compromised email addresses or customer management numbers. In addition, we have prepared a special form on our website that allows users to check if your email address has been affected by this activity, and we have set up a dedicated call center to answer customer questions and concerns.

This incident was caused by the improper handling of the source code by the development contracting company, and we will work with the contracting company to ensure thorough management of the handling of customers’ personal information and to strengthen security. Toyota reiterates that proper handling of customers’ personal information is an important corporate social responsibility, and will make further efforts to ensure the protection and management of customers’ personal information to achieve services that customers can trust.