Toyota's Customer 360 customer relationship management platform has a severe security flaw enabling access to the automaker's Mexican customers' personal data, according to SecurityWeek.
"The production and QA API endpoints use Amazon API Gateway and probably would have been impossible to find if they weren't included in the dev apps code. With the login bypass and API change in place, it was possible to access production data," said Zveare.
Toyota resolved the issue three weeks after Zveare notified the company on Oct. 30. The report comes a month after Zveare showed that Toyota's global supplier management network web portal allowed data tampering and exfiltration.