Owners of Mercedes-Benz vehicles have reported that the app they used to remotely find, unlock, and start their vehicles displayed information on other people's accounts and vehicles.
Customers claimed that the Mercedes-Benz linked car app was accessing data from accounts other than their own and displaying names, recent activity, phone numbers, and other information for other car owners.
The alleged security breach occurred late on Friday, and a few hours later the app was taken offline for site maintenance.
The information shown was cached information; there was no real-time access to the account, no financial information could be viewed, and there was no way to interact with or locate the car connected to the account.
Source: https://techcrunch.com/2019/10/19/mercedes-benz-app-glitch-exposed/
"id": "MER71318423",
"linkid": "mercedes-benz_ag",
"type": "Data Leak",
"date": "10/2019",
"severity": "50",
"impact": "1",
"explanation": "Attack without any consequences"