Experts Reaction On Toyota Data Leak

By   ISBuzz Team
Writer , Information Security Buzz | Oct 12, 2022 06:29 am PST

It has been reported that Toyota Motor Corporation is warning that customers’ personal information may have been exposed after an access key was publicly available on GitHub for almost five years.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Jordan Schroeder
Jordan Schroeder , Managing CISO
InfoSec Expert
October 12, 2022 2:30 pm

These types of secure development errors plague organisations today and it is their customers that pay the price after attackers discover the error and compromise systems and data.

Organisations must get better at source code control and management of secrets, like access keys, because there is a strong possibility this data has already been accessed by attackers and Toyota might never know for sure.

Addressing these weaknesses requires implementing secrets management so that access keys are pulled from secured secrets servers and not hard coded into software, by locking down the development environment to prevent public access, and by setting up automated code repository security and access reviews, which includes searching the internet for code snippets that would indicate source code leakage.

Last edited 11 months ago by jordan.schroeder

Recent Posts

Would love your thoughts, please comment.x