Toyota dev left key to customer info on public GitHub page for five years

Toyota has admitted it put 296,019 email addresses and customer management numbers of folks who signed up for its T-Connect assistance website at risk of online theft by bungling its security. The automaker's Japanese newsroom carries an apology for the privacy snafu, in which it explains an outsourced developer tasked with …

  1. eldakka
    Facepalm

    Once Toyota looked at that source code, the manufacturing giant realized this public-facing code repository contained an access key to a server that stored customer data.
    While unfortunate, this shouldn't be that big of a deal, because no-one would put sensitive customer data on an internet-facing server would they? Would They?
    Upon discovering the GitHub repo, Toyota immediately made it private.
    Oh. Apparently they would.

    1. Jamesit

      "Upon discovering the GitHub repo, Toyota immediately made it private. Two days later the company changed the access key to the data server."

      Why did it take two days to change the key? I thought changing the key would be a priority.

      1. Anonymous Coward

        Because they had to open a ticket with the help desk, who responded by asking what a key was.

      2. John Brown (no body) Silver badge

        They made the GitHub repo private immediately, then it took a couple of days to go through said repo to find out what was actually in it. They found the key.

  2. Locomotion69

    Public cloud service

    With public cloud services, the difference between "share" and "leak" is small. Too small in this case.

    Why did somebody within Toyota decide that a public GitHub sounds like a good idea??

    1. Mobster

      Re: Public cloud service

      Does not sound like it was someone within Toyota, it was a software contractor.

  3. trevorde Silver badge

    Technical Architect

    Worked on a project where our esteemed 'Technical Architect' accidentally committed our SQL credentials to our public GitHub repo. Twice. We revoked her access completely after that.

  4. H in The Hague

    Hino

    At least one of their customers is a bit upset about Hino being creative with the emissions certification process:

    https://www.internationalcranes.media/news/kobelco-suspends-some-machine-sales-in-europe/8023783.article
