It has been reported that Toyota Motor Corporation is warning that customers’ personal information may have been exposed after an access key was publicly available on GitHub for almost five years.
These types of secure development errors plague organisations today and it is their customers that pay the price after attackers discover the error and compromise systems and data.
Organisations must get better at source code control and management of secrets, like access keys, because there is a strong possibility this data has already been accessed by attackers and Toyota might never know for sure.
Addressing these weaknesses requires implementing secrets management so that access keys are pulled from secured secrets servers and not hard coded into software, by locking down the development environment to prevent public access, and by setting up automated code repository security and access reviews, which includes searching the internet for code snippets that would indicate source code leakage.
These types of secure development errors plague organisations today and it is their customers that pay the price after attackers discover the error and compromise systems and data.
Organisations must get better at source code control and management of secrets, like access keys, because there is a strong possibility this data has already been accessed by attackers and Toyota might never know for sure.
Addressing these weaknesses requires implementing secrets management so that access keys are pulled from secured secrets servers and not hard coded into software, by locking down the development environment to prevent public access, and by setting up automated code repository security and access reviews, which includes searching the internet for code snippets that would indicate source code leakage.