Security researchers discovered web vulnerabilities in Subaru's Starlink service that allowed potential unauthorized access to customer accounts and tracking of customers' movements. While Subaru swiftly patched the flaw following the report, concerns persist about the access Subaru employees have to customer location data historically, which poses a privacy issue. Researchers were able to bypass security questions and gain control of Subaru Starlink developer accounts, leading to the possibility of manipulating vehicle features remotely.
Source: https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
"id": "sub000012725",
"linkid": "subaru-of-america",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"