People who have been using Toyota’s smartphone app may have had their personal information leaked, the company reported on Friday.
Around 296,000 pieces of customer information from the T-Connect service, which connects users to their cars, might have been leaked, Reuters reported. Toyota released a statement warning its customers that they may be at risk of receiving spam, phishing scams, or unsolicited email messages to their email addresses.
Those affected by the leak are customers who signed up for the service starting July 2017 using their emails. The Japanese automaker reported that a total of 296,019 email addresses and customer numbers were possibly leaked, but that sensitive information such as customer names, phone numbers, or credit card information was safe. Toyota also has not reported any cases where the leaked customers’ information has been misused yet.
Toyota claims that a contractor that developed the T-Connect website accidentally uploaded parts of the source code with public settings from December 2017 until September 15 of this year, the company said in its statement. However, based on initial investigations, the automaker hasn’t detected third-party access to the data server where the information was stored. But the investigations haven’t ruled out the worst-case scenario just yet, according to the company.
Experts have warned that car apps put users’ personal information at risk. In May, researchers at the cybersecurity firm Kaspersky released a report that more than half of these apps use customers’ personal information without first asking for their consent and that these apps tend to be vulnerable to security breaches.
If you drive a Toyota, you might want to be on extra alert while you’re cleaning out your inbox, for now.