back to article Toyota admits to yet another cloud leak

Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment – the same explanation it gave when the same thing happened a couple of weeks ago. It's like a pattern. This latest incident – like the last one, in which two million customer records were exposed – "was …

  1. alain williams Silver badge

    "Toyota said it had no evidence the data had been misused"

    If I shut my eyes before looking in an empty pot I will not see anything either.

    Did they ask all the customers affected ?

  2. xanadu42

    Oh, what a feeling

    A boringly typical expectation from the boringly typical car manufacturer with a boring palindrome "A TOYOTA"

    Oh, what a (bad) feeling

  3. Dan 55 Silver badge
    FAIL

    Toyota Hubris

    Management decided that as a car manufacturer they were so good at this cloud malarky that they thought it would be a good idea to make every car upload its journeys into cloud buckets secured by Toyota... or not.

    Looking forward to the next leak in about four months if past performance is anything to go by.

  4. werdsmith Silver badge

    I can't even log into my connected car app myself, so I'm interested in any assistance a hacker can give.

    Because the main dealer doesn't have a clue.

  5. Anonymous Coward
    Terminator

    Why this kind of thing keeps happening?

    “Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment – the same explanation it gave when the same thing happened a couple of weeks ago. It's like a pattern.”

    The reason this happens is, most probably, that an untrained and inexperienced intern was given the task. For you see, even in this day-and-age, IT is still considered a low priority business expense. Personally, I would have written a script to test security after each upgrade/change.

    1. Cybersaber

      Re: Why this kind of thing keeps happening?

      Easy to express that you'd write a script to do it but I suspect you'd find it very challenging to accomplish what you set out to do with it i.e. use a script to defeat the awesome powers of human stupidity, laziness, and greed.

      Who's to say someone didn't already try to do just that, only the cloud provider changed the API in a breaking way? What if the PM changed which cloud provider it was uploaded to? What if the change was non-malicious but happened via unauthorized process?

      And that kind of breaking change is just for one single check. Now when you factor in all the other 1,001 ways you're trying to use technology to backstop poor human skills/training, your script may technically be a script, but at 65,000 lines is looking more like a program that needs its own coders to maintain it and fix it to keep it effective. It would become, in effect, and internally developed "expert system" (what passes for being called AI these days.)

      Maybe your 'script' would have caught it, but I've been around the block too many times to accept such easy glib answers to a VERY complicated problem. The real solution is people. People whose job it is to review production systems regularly for this kind of thing, and people at the board level who see the value of that and are willing to authorize the payroll expenditure to make it happen.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like