A glitch in the Mercedes-Benz app car owners use to remotely locate, unlock, and start their vehicles reportedly exposed car owners' sensitive information to other users.
Mercedes-Benz App Showed Data Of Other Users
According to TechCrunch, which interviewed two Mercedes-Benz car owners, the remote control app showed data from other users' account for at least a few hours on Friday, Oct. 18.
The customers said that the app pulled in information from other accounts that are not their own. This allowed them to see sensitive information about other car owners, which include their names, phone numbers, and recent activities.
"I got in contact with the person who owns the car that was showing up," one of the car owners told TechCrunch. "I could see the car was in Los Angeles, where he had been, and he was in fact there."
Fortunately, features like real-time location tracking and remote unlocks did not work, which somehow limited the impact of the security lapse.
The incident nonetheless raised concern because errors such as this can potentially broadcast sensitive information to the wrong people.
A customer service representative advised one of the customers who reported about the security lapse to delete the app until it is fixed.
App Taken Down To Resolve The Issue
Donna Boland, spokesperson for Mercedes-Benz parent company Daimler, acknowledged that there was indeed a short interval on Friday when incorrect customer data displayed on the MercedesMe app.
She said that the displayed information was cached data and there were no real-time access to the account. She added that no financial info was viewable, nor was it possible to interact with or determine the live location of the car associated with the account.
It is not clear how the security lapse happened and how widespread it was. Mercedes took the app offline for "site maintenance" a few hours after the problem started. Boland said that they took the system down after they became aware of the problem, identified the issue, and resolved it.