Toyota’s Global Supplier Preparation Information Management System (GSPIMS) was breached by a security researcher who responsibly reported the issue to the company.
GSPIMS is the car manufacturer’s web application that allows employees and suppliers to remotely log in and manage the firm’s global supply chain.
The security researcher, who publishes under the pseudonym EatonWorks, discovered a “backdoor” in Toyota’s system that allowed anyone to access an existing user account as long as they knew that user’s email address.
In a test intrusion, the researcher found that he could freely access thousands of confidential documents, internal projects, supplier information, and more.