Hacker Cracks Toyota Customer Search Tool
Flaw in Toyota's C360 customer relationship management tool exposed personal data of unknown number of customers in Mexico, a disclosure says.
![Toyota dealership in Mexico with a lot full of cars for sale Toyota dealership in Mexico with a lot full of cars for sale](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt592d40ba250e4f0a/64f15670e09efddf925959b3/toyota_mexico_NortePhoto.com_Alamy.jpg?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
A production API in Toyota's C360 customer relationship management (CRM) tool loaded with the personal information of an unknown number of the carmaker's customers in Mexico was found to expose reams of sensitive data.
A disclosure from threat hunter Eaton Zveare outlines how it was possible to access Toyota customers' names, addresses, phone numbers, emails, and tax identification numbers, as well as vehicle ownership and service history stored in the C360 CRM.
After reporting the issue to Toyota, Zveare said the sites were taken offline, and the APIs were secured so that they now require an authentication token.
"I would like to stress that I do not know how many customers are in this CRM," Zveare wrote. "There wasn't a user list — it was only possible to search for customers by name, ID, phone number, or email address."
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024