A security researcher said he hacked into Toyota’s supplier management network and was able to access sensitive data associated with around 3,000 suppliers and 14,000 users worldwide.
Eaton Zveare compromised a web application that Toyota employees and suppliers use to coordinate projects and that holds details about parts, surveys, and purchases. Notable partners and suppliers found on the system included Michelin, Continental, and Stanley Black & Decker.
The researcher ultimately gained access to the Japanese carmaker’s Global Supplier Preparation Information Management System (GSPIMS) as a system administrator via a backdoor in the login mechanism.
A malicious breach could have exposed comments made by Toyota employees about suppliers, as well as rankings of suppliers by risk and other variables, said Zveare.
Zveare described the security hole, which Toyota patched quickly, as “one of the most severe vulnerabilities I have ever found”.