So, while my.audi.com is certainly nice and useful, Im shocked at the obvious security loophole presented by the password reset feature.
Basically, to take control of someone's myAudi account, you need the following information:
So what can you do with access to a my audi account? Well, first of all you can get a hold of information such as the VIN number, destination addresses, your Audi Link code, etc.
Is there a better way to bring up the issue? I just feel it would be so simple to adjust the system to at least send you an email with a confirmation link before you can set a new password.
Basically, to take control of someone's myAudi account, you need the following information:
- email account associated with the user
- the answer to the secret question, which the user picked from a list upon registration
So what can you do with access to a my audi account? Well, first of all you can get a hold of information such as the VIN number, destination addresses, your Audi Link code, etc.
Is there a better way to bring up the issue? I just feel it would be so simple to adjust the system to at least send you an email with a confirmation link before you can set a new password.
