Database of 10 Million Auto VINs Exposed

An unprotected database containing 10 million vehicle identification numbers or VINs has been discovered on the Internet.  That database also included make and model information, sales gross, monthly payment, customer name, address, phone, email, birth date and many other fields.

But here is the interesting part.  Even though that researchers discovered the unprotected database 137 days ago, it is sill exposed.

That is because this database is in the cloud and they have no idea who it belongs to.

Crooks could use this data to make fake VIN plates and get a fraudulent title.  They will be long gone by the time that the new owner discovers that the VIN doesn’t belong to that car.

It also may be enough to create duplicate keys to steal cars with.

Finally, that information could be used to register a vehicle to steal to order using the manufacturer’s mobile app.  Once that is done, the vehicle could be located, unlocked and maybe remotely started.

So what do you do if you find a database like this in the cloud?  Apparently, at least in this case, wait and hope that the owner figures out that the data belongs to him or her.

We continue to see more and more databases exposed and open to compromise.  A new story every week, at least.

It would make sense to do a security audit of all of your data to make sure that it is not accidentally public.  I am sure the owner of this data does not think it is publicly accessible.

Information for this post came from Helpnet Security.

by