Vulnerability in Toyota Management Platform Provided Access to Customer Data

Toyota was recently notified of a security vulnerability in its management platform that could have resulted in unauthorized access to customers’ personal information. The vulnerability was quickly identified and rectified, but it is nonetheless concerning news for customers of the company. Toyota has released an official statement on the matter and is taking additional precautions to protect customer data going forward.

Toyota recently discovered a severe vulnerability in its Customer 360 CRM platform, which allowed a security researcher to access personal information of its customers in Mexico. US-based researcher Eaton Zveare was able to bypass authentication on the application, locate API endpoints, and update the development application to use a production API. This allowed him to access customer data, including names, addresses, phone numbers, email addresses, vehicle history, purchase and service data, and tax ID.

Zveare reported the issue to Toyota on October 30 and the car maker resolved the vulnerability less than three weeks later by taking some of the sites offline and updating the APIs to require an authentication token. This is not the first time Zveare has disclosed an issue in Toyota’s systems – a month ago, he disclosed an issue in Toyota’s global supplier management network web portal.

Toyota’s customers should be aware that the car maker’s systems are vulnerable to cyberattacks, and that their personal information could be accessed by malicious actors. Companies must ensure that all their systems are adequately protected and that no backdoors exist.

In conclusion, Toyota was recently affected by a severe vulnerability in its Customer 360 CRM platform, which allowed a security researcher to access personal information of its customers in Mexico. The car maker responded quickly, taking some of the sites offline and updating the APIs to require an authentication token. This is not the first time Toyota has been affected by a cybersecurity incident and the company should take steps to protect its systems and its customers’ data.

Key Points:

  • A security researcher was able to bypass authentication on Toyota’s Customer 360 CRM platform and access customer data.
  • The car maker responded quickly, taking some of the sites offline and updating the APIs to require an authentication token.
  • This is not the first time Toyota has been affected by a cybersecurity incident.
  • Toyota must take steps to protect its systems and its customers’ data.
