Mercedes-Benz has a mobile app that can be used by its car owners to remotely locate, unlock and also start their cars.
The app in question also holds a lot of information about its users and their Mercedes-Benz cars.
Here, the app was exposing this information to other accounts, allowing those people to see other Mercedes-Benz car owners’ names, recent activities, phone numbers, car locations and more.
Fortunately, the issue didn't expose real-time data of other Mercedes-Benz vehicles.
This happened briefly on October 18th, before the company took the app offline "due to site maintenance".
The problem started with a glitch.
At that time, an owner opened the app and found that it was pulling in someone else's profile. Another owner found that the app was showing his car in a different location when, in fact, the car was right in front of him.
Other Mercedes-Benz owners also reported that the “lock and unlock” and the engine “start and stop” features stopped functioning, somewhat limiting the impact of the security lapse.
When they contacted Mercedes-Benz, a customer service representative told them to "delete the app" until it was fixed. That was before the car company took the app offline.
According to Donna Boland, a spokesperson for Daimler, the parent company of Mercedes-Benz:
"The information displayed was cached information — not real-time access to the account, no financial info was viewable nor was it possible to interact with, or determine live location of, the vehicle associated with the account."
"When we became aware of the issue, we took the system down, identified the issue and resolved it."
The app has been installed by more than 100,000 users, according to data from Google Play Store.
Apps like these allow modern vehicles to connect with their owners remotely. Using the app, owners can locate their cars, lock or unlock them, and start or stop the engine. But as cars become internet-connected and hooked up to apps, security flaws can leave these cars open to hijacking and hacking.
Fortunately, this kind of incident is rare.