More Of The Shame: Software Flaw Exposes Millions of Subarus, Rivers of Driver Data

A now-patched vulnerability in Subaru's STARLINK telematics backend (subarucs.com) allowed researchers to reset employee passwords and access customer records, enabling retrieval of a year of precise vehicle location history, PII (emergency contacts, billing, addresses), and remote control actions (lock/unlock, start/stop) for affected vehicles; the flaw was found by security researchers using public-facing employee applications and simple discovery/brute-force techniques.