Researchers at Kromtech Security discovered an unprotected database containing data from several US-based car dealerships. The database revealed buyers' personal data such as names, addresses, phone numbers, date of birth, sex and children over 12 years. It also included sales details such as rack number, mileage, model, model year, type and amount of monthly payment and name of the merchant.
The filtered data has been online for 137 days and the identity of the database owner is still unknown.
Vehicle robbery groups could use this information to clone the rack number and make a stolen car look legal at the time of sale.