Defective batteries are covered under Apple’s one-year warranty, and replacements are free under AppleCare Plus plans if your battery has less than 80 percent of its original capacity. If it’s higher than that and you’re still disappointed with its longevity, your options are limited to third-party repair or going the DIY route with official Apple parts, either of which could be cheaper than Apple’s full-price service.

A threat actor leaked Toyota’s customer data on a dark web forum. The file shared by the hacker contained 240GB of data, including contact and financial information, emails and more. 

The Japanese automaker acknowledged the leak but later backtracked, claiming it wasn’t a breach and that the data was stolen from a third-party entity misrepresented as Toyota. 

Below, I discuss the security incident in detail, along with tips on how to protect yourself from being targeted by hackers.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

What you need to know about the breach

A hacker group called ZeroSevenGroup claimed on a dark web forum that it stole 240GB of data from Toyota, including info on employees, customers, contract  and financial details, according to Bleeping Computer. It also said it gathered network infrastructure info and credentials using ADRecon, an open-source tool that pulls loads of data from active directory systems.

“We have hacked a branch in United States to one of the biggest automotive manufacturer in the world (TOYOTA). We are really glad to share the files with you here for free. The data size: 240 GB,” the threat actor claimed.

The hacker specifically claimed to have access to everything: contacts, financial data, customer info, schemes, employee details, photos, databases, network infrastructure, emails and “a lot of perfect data.”

It’s not clear exactly when the breach happened, but Bleeping Computer found that the files were stolen — or at least created — Dec. 25, 2022. This lines up with a data breach around the same time that hit Toyota’s subsidiary, Toyota Financial Services (TFS). Back then, the company warned customers that their data had been compromised. But there’s no confirmation if the two incidents are related.

A hacker group claimed on a dark web forum that it stole data from Toyota  (Bleeping Computer)

MASSIVE FREE VPN DATA BREACH EXPOSES 360 MILLION RECORDS

Toyota’s response

“We are aware of the situation. The issue is limited in scope and is not a systemwide issue,” Toyota told Bleeping Computer when asked to verify the hacker’s claims. The company also mentioned that it’s “engaged with those who are impacted and will provide assistance if needed.”

However, the next day, a spokesperson informed the site that Toyota Motor North America’s systems were “not breached or compromised” and that the data was stolen from what appears to be “a third-party entity that is misrepresented as Toyota.”

The spokesperson declined to reveal the name of the breached third party, saying Toyota Motor North America was “not at liberty to disclose“ that information.

CLICK HERE FOR MORE U.S. NEWS

Illustration of a hacker at work  (Kurt “CyberGuy” Knutsson)

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

Scope and impact

The leaked data reportedly includes:

• Customer and employee personal information
• Financial records and contracts
• Network infrastructure details
• Emails and internal communications

With 240GB of data exposed, the potential impact on individuals and the company could be substantial.

Timing and detection

The files appear to have been created or stolen Dec. 25, 2022, suggesting a significant delay in detection or disclosure. This lag time is concerning, as it potentially gave attackers ample opportunity to exploit the stolen information.

A pattern of security incidents

This breach is not an isolated incident for Toyota. The company has faced multiple security challenges in recent years:

• A ransomware attack on Toyota Financial Services in 2023
• Exposure of customer car location data for 2.15 million users over a decade due to cloud misconfigurations
• Additional cloud service misconfigurations leaking customer data for over seven years

These recurring issues point to potential systemic weaknesses in Toyota’s cybersecurity infrastructure and practices.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

Industry implications

The automotive industry has become an increasingly attractive target for cybercriminals. This incident highlights the need for robust security measures, especially as vehicles become more connected and data-driven.

4 ways to protect yourself in light of the Toyota security incident

Below are a few ways to protect yourself following the Toyota breach.

1. Enable two-factor authentication: Activate two-factor authentication (2FA) on any accounts tied to Toyota services, including email, financial accounts and customer portals. It adds an extra layer of security by requiring a second piece of information, like a code sent to your phone, along with your password when logging in. This makes it much more difficult for hackers to access your accounts, even if your password has been compromised. By enabling 2FA, you can significantly reduce the risk of unauthorized access and better protect your sensitive data in light of the Toyota breach.

2. Use personal data removal services: Consider investing in personal data removal services that specialize in continuously monitoring and removing your personal information from various online databases and websites. I mentioned above that hackers are also stealing your IDs to validate the data. These IDs can be misused in more ways than you can imagine, including impersonation. Check out my top picks for data removal services here. 

3. Monitor financial accounts: Regularly check your bank statements, credit card activity and any Toyota Financial Services accounts for suspicious transactions. If you notice anything unusual, report it to your bank or financial institution immediately.

4. Watch out for phishing scams: In the aftermath of breaches like this, phishing attempts may increase. Be cautious of emails or messages that ask for personal information or direct you to click suspicious links. Verify the sender’s identity before engaging with such communications.

The best way to protect yourself from clicking malicious links is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

HOW TO RECOGNIZE AND AVOID BEING A VICTIM OF VACATION RENTAL SCAMS

Kurt’s key takeaway

In light of this breach, it’s clear that data security is a critical concern for both companies and their customers. Whether the breach occurred directly at Toyota or through a third-party entity, the fact remains that sensitive information has been exposed, putting individuals at risk. It’s a reminder of the importance of staying vigilant, protecting your accounts with tools like two-factor authentication and regularly monitoring your financial activity for any signs of suspicious behavior.

How do you feel about Toyota’s response to the breach? Do you think it did enough to address the situation? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com.  All rights reserved.

Shogun Showdown sometimes breaks my brain. The new deckbuilding roguelike is all about tactics, and a key part of the game is that you can always see what the enemies plan to do next. Every once in a while, that gets me in a quandary where I know I’ll lose. But when things click into place and I clear everyone out in one fell swoop, I feel like a strategic genius.  

In the game, which just left early access, you’re constantly trying to position your character across a small level to either attack your foes or dodge their moves. As you play, you can upgrade your “tiles” (think: cards) to improve their damage, add perks like freezing ice, or lower their cooldown so that you can use them more frequently. You’re also able to stack up to three tiles so that, with one press of the attack button, you send off a salvo of moves to take out a bunch of bad guys at once.

Since you can see what the enemies will do, you’re constantly strategizing about whether to move in to strike or if you need to back off to stay alive. It can get complex, and sometimes it feels like I have to galaxy brain each move to survive difficult rounds. The strategizing is all worth it when you pull off a series of attacks that clear the battlefield.

Here’s an example of how it comes together. Playing as the starter character, called the Wanderer, I start with a pair of swords that can simultaneously hit the spaces to my left and right as well as an arrow that can fire across the level. With some strategic maneuvering, I can set up the Wanderer so that she strikes a baddie that’s behind her and then shoots an arrow in front of her to eliminate all the dangers on the map.

During each run, you’ll have opportunities to improve your tiles, pick up new ones, and shop for upgrades. Sure, those are all familiar roguelike trappings, but with a little planning, you can make some extraordinarily powerful tiles. For my first winning run, I upgraded an arrow tile so it had high damage and no cooldown, meaning I was firing off arrows without breaking a sweat.

As you play, you’ll also collect skulls that can be used to unlock things like new tiles and more things to buy at item shops. Spending those skulls quickly adds variety to each run, and I don’t think I’ve doubled up on a build yet. Once, I went all in on a dragon punch move that sent enemies flying into each other, and while it didn’t get me a win, I loved punching bad guys across levels to open up space.

I’m still early in the game, and I’ve only unlocked one of four additional characters, so there’s still a lot for me to see. As you clear runs, you can also play through harder “days” with added challenges like tougher enemies or fewer item drops.

Even though I’m working through bigger games like Astro Bot and a long-in-the-works Mass Effect trilogy playthrough, I keep coming back to Shogun Showdown; it’s just too much fun to experiment with the game’s many weapons and strategies. Maybe it’s time for me to try that dragon punch build again — or stumble into something completely unexpected.

Shogun Showdown is available now on PC, Nintendo Switch, PlayStation, and Xbox.