Toyota exposes its marketing tools, exposing customers in Italy

Threat actors could abuse the leak to obtain clients’ phone numbers, email addresses, and use them for phishing attacks.
According to Cybernews, the company accidentally leaked data for over one-and-a-half years. Namely, it exposed secrets for its Salesforce Marketing Cloud and Mapbox APIs.
“This leak is significant as it could have been used to launch somewhat sophisticated phishing campaigns, as attackers would have had access and control over Toyota's official communication channels, making it more likely that victims would fall for such an attack, since the sender information would be legitimate,” Cybernews researchers said.
The company fixed the issue upon notification. The leak was caused by a failure to follow the company’s data-security policies.
“An additional set of countermeasures have been put in place to restore and strengthen our cybersecurity systems and protocols. We have reported this risk of exposure of privacy data to the relevant Italian authorities and are fully cooperating with the ongoing investigation,” Toyota said.