Go Back   Team-BHP > BHP India > The Indian Car Scene


Reply
 
Thread Tools Search this Thread
Old 12th August 2009, 22:59   #1
BHPian
 
Join Date: Nov 2004
Location: World
Posts: 115
Thanked: Once
Default Potential security flaw: Maruti's online database mixes up customer details

I don't know how many Maruti owners register for the Maruti owners' online database. This site records owners' personal information like name, address, phone nos., email ids, car details etc.

I needed to update my profile in the database. I hit the submit button after updating my profile. I received no confirmation. Instead, I was put on the profile page of another Maruti owner! I could see all his details. I could even have edited the profile of that owner if I wished to! If I did choose to edit his profile, on hitting the submit button again, presumably I would have ended up on the profile page owned by still another Maruti owner, and could have edited his profile too, and so on, ad infinitum!
Being the nice person that I am , I just logged out.

-- And could not log back in for a while, because my password was messed up (the case of the letters got changed). My car details were flushed out too! Now the site does not update my password, -- the feature just does not work!

Does Maruti care about these issues? The owners' database security breach did not seem to concern them when I called! So, at best, owners are liable to have their personal details lying in an insecure database for anybody to do whatever they like with those. At worst? Who knows?

---------------------------
P.S. Moderators, please move this post to the appropriate section if it isn't there already.

Last edited by Jaggu : 13th August 2009 at 12:16. Reason: Readability, please avoide cut pasting from external font editors. Use prevew before you submit the post. Thanks
meerkat is offline   Reply With Quote
Old 12th August 2009, 23:02   #2
Senior - BHPian
 
Nitin's Avatar
 
Join Date: May 2006
Location: Houston, Texas
Posts: 3,301
Thanked: 9 Times
Default

Thats crazy!MUL ought to do something about this.
So much for identity theft!
Nitin is offline   Reply With Quote
Old 13th August 2009, 09:13   #3
Senior - BHPian
 
McLaren Rulez's Avatar
 
Join Date: Dec 2007
Location: Mysore
Posts: 2,375
Thanked: 474 Times
Default

LOL at the title. What benefits do you get if you are on the database?
McLaren Rulez is offline   Reply With Quote
Old 13th August 2009, 09:18   #4
BHPian
 
amoghchaphalkar's Avatar
 
Join Date: May 2009
Location: Pune
Posts: 554
Thanked: 248 Times
Default

Quote:
Originally Posted by McLaren Rulez View Post
LOL at the title. What benefits do you get if you are on the database?
None at all !! I am on that database. All I get is "Happy Birthday" e-cards !!!
amoghchaphalkar is offline   Reply With Quote
Old 13th August 2009, 09:19   #5
BHPian
 
Bazius's Avatar
 
Join Date: Feb 2009
Location: Thithimathi, Coorg
Posts: 68
Thanked: 0 Times
Default

Please change the title
Bazius is offline   Reply With Quote
Old 13th August 2009, 09:37   #6
BHPian
 
simplythebest's Avatar
 
Join Date: Feb 2008
Location: Coimbatore
Posts: 118
Thanked: 5 Times
Default

With all due respect...I think your first course of action should have been to inform Maruti by sending a polite email.
If they don't fix the problem, it has to be taken further

I think all these news channels are making us more sensationalist
simplythebest is offline   Reply With Quote
Old 13th August 2009, 09:49   #7
BHPian
 
musicvj's Avatar
 
Join Date: Jan 2009
Location: Chennai
Posts: 115
Thanked: Once
Default

Are you working with Headlines Today channel? I was expecting something else after reading the title lol.
musicvj is offline   Reply With Quote
Old 13th August 2009, 09:56   #8
BANNED
 
Join Date: Jun 2007
Location: Bengalooru
Posts: 1,471
Thanked: 7 Times
Default

@meerkat, I think all you missed is an opportunity to harvest email addresses.

BTW, Maruti must hire better programmers. I wonder which firm did the web programming.
diabloo is offline   Reply With Quote
Old 13th August 2009, 11:39   #9
Senior - BHPian
 
amtak's Avatar
 
Join Date: Oct 2006
Location: Mumbai - The city of Sea Link!!!
Posts: 2,782
Thanked: 342 Times
Default

OT: The new website seems to have lifted inputs from Shell, and some of the other Telecommunication companies.
amtak is offline   Reply With Quote
Old 13th August 2009, 11:45   #10
BHPian
 
menonrajesh's Avatar
 
Join Date: Mar 2006
Location: Bangalore
Posts: 210
Thanked: Once
Default

No wonder why I used to get calls from Maruti enquiring about the level of satisfaction of the recent service done on the car which I never owned! Sometimes from the maruti insurance too, politely informing me about the policy renewal on someone else' car!
menonrajesh is offline   Reply With Quote
Old 13th August 2009, 11:53   #11
BHPian
 
Join Date: Nov 2006
Location: kolkata
Posts: 927
Thanked: 24 Times
Default

The title of this thread is sure misleading.

About Maruti, they should be more carefull with people's database's.
musicmanaman is offline   Reply With Quote
Old 13th August 2009, 12:08   #12
Distinguished - BHPian
 
phamilyman's Avatar
 
Join Date: Jul 2007
Location: Gurgaon
Posts: 5,601
Thanked: 3,451 Times
Default

a. You didn't HACK!
b. Title should be "Potential security flaw: Maruti's online database mixes up customer details"

LOL. But nice stuff that you didnt misuse it! kudos
phamilyman is offline   Reply With Quote
Old 13th August 2009, 12:40   #13
BANNED
 
Join Date: Feb 2009
Location: Ahmedabad
Posts: 1,457
Thanked: 10 Times
Default

Quote:
Originally Posted by phamilyman View Post
a. You didn't HACK!
b. Title should be "Potential security flaw: Maruti's online database mixes up customer details"

LOL. But nice stuff that you didnt misuse it! kudos
yes sir thats what it should be with title of this thread, owners name is misleading.Can mods do something for this.
Meerkut, well title what you posted doesnt justify what you posted later, but still would like to congratulate you of not misusing or editing any information that was visible on that page.
vijaythacker is offline   Reply With Quote
Old 13th August 2009, 12:53   #14
BHPian
 
Join Date: Jun 2009
Location: Bangalore
Posts: 229
Thanked: 48 Times
Default

whoa .. the title was completely misleading!
royalcruiser is offline   Reply With Quote
Old 13th August 2009, 13:18   #15
Senior - BHPian
 
McLaren Rulez's Avatar
 
Join Date: Dec 2007
Location: Mysore
Posts: 2,375
Thanked: 474 Times
Default

Maruti Suzuki India Limited raised several eyebrows when it invited one of its customers to hack into its own database. The customer, known only by his alias "meerkat", claims to have received an email from Mr. Jagdish Khattar, Managing Director of the automobile company requesting him to hack into Maruti Suzuki's database and retrieve confidential details about their customers. Mr. "meerkat" declined to carry out the task, despite being more than capable of simple hacks such as these, citing ethics as his reason. Industry analysts blame Maruti's obsessive desire to increase their market share for the latest incident. Many are curious to know why Maruti required the services of a professional hacker when Maruti executives already have access to the database in question. Maruti Suzuki's customers expressed their anger regarding this breach of privacy. Said Mr. Daljeet Singh, owner of a Maruti Suzuki SX4, "I knew I should have bought the new City instead. This is an outrageous piece of identity theft and I have already started receiving three times as much spam mail." Meanwhile, Maruti Suzuki executives were unavailable for comment. McLaren Rulez reporting for Times Now

Now does it fit the title? But anyway, I hope Maruti has resolved the issue by now. Identity theft can lead to bigger problems so they should be acting quickly to fix it.

Last edited by McLaren Rulez : 13th August 2009 at 13:21.
McLaren Rulez is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
VW spends years trying to conceal security flaw Tushar The International Automotive Scene 2 18th August 2015 22:58
OBD Database (Port, Protocol, Cable, Software and Protocol Details) keyur Technical Stuff 11 24th July 2013 12:45
IMEI online database? nishantgandhi Gadgets, Computers & Software 7 14th April 2009 11:26
When ICE mixes with water!!! rider60 In-Car Entertainment 41 17th September 2008 00:44


All times are GMT +5.5. The time now is 21:01.

Copyright 2000 - 2017, Team-BHP.com
Proudly powered by E2E Networks