Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes. The API exposed is completely public, and the way an API is used is to request something via simple query parameters. It looks as if this API was built to allow someone, perhaps a dealer, to look at the rest of the inventory systems and to take quick traffic from a buyer perhaps like me?”]
Source: https://threatpost.com/pandemic-car-shopping-manufacturer-api/176740/