A security researcher has disclosed a backdoor vulnerability that allowed access to Toyota’s Global Supplier Preparation Information Management System. All that is needed to gain access, is to know the email address of an existing user account. The security researcher was able to obtain those email address by doing a web search and via LinkedIn. The system stores thousands of confidential documents, internal projects, supplier information and more. The issue was responsibly disclosed to Toyota on November 3 and were fixed by November 23. Toyota did not provide any reward or compensation for the responsible disclosure.
This segment was created for the It’s 5:05 podcast