Post by riddick on Feb 6, 2014 11:22:14 GMT 11
Hi Guys,
I have just purchased a LEAF a month ago and I have been much enjoying motoring without mineral based fuels (my other car is also not using mineral fuels so we are completely off oils now :-)).
However, I have one issue that really concerns me about privacy. I have recently changed my owner's portal password that I have received from my dealer. Given that the LEAF sends quite a bit of information back to Nissan, you really want to make sure that your information is private and does not get used by anyone but you or Nissan.
After changing my password, I got an e-mail to say that my password has changed, but to my horror, the e-mail contained both the old AND new passwords. E-mail is an unsecure delivery mechanism sent as clear text, so it is easily captured. This is why banks would never e-mail passwords, they usually even have a secure e-mail facility on their web sites so you never have to send clear e-mails to them.
I have called Nissan to express my concern, however, the rep just said that this is how it works, he can take my complaint but it is unlikely to be changed. When I raised my concern about others being able to see my travel data (as the owner portal displays the carwings password and lets you log in), he said all they can see is trips, kms and was pretty dismissive! But in the wrong hands, they could easily figure when I am not likely to be home etc...
He also said that other companies do this too, like google etc. I said to him absolutely not, they do send out e-mails when your password changes, but it does not contain your password. I said I have not seen that with any web sites I use. He said he has...
I asked if he can change my password over the phone. He said no. I asked if my dealer can change my password. He said if even if he would I would still get the e-mail.
Nissan, please lift your game! Maybe this is a problem with a car company getting into the IT business and only learning now what security means. If you guys are serious about this game, which it seems you are thankfully, then please fix this ASAP. Removing that password out of the e-mails should be a 5 minute job for the right person.
Thanks and sorry to start with a complaint as otherwise I am very appreciative of the work you have done!
I have just purchased a LEAF a month ago and I have been much enjoying motoring without mineral based fuels (my other car is also not using mineral fuels so we are completely off oils now :-)).
However, I have one issue that really concerns me about privacy. I have recently changed my owner's portal password that I have received from my dealer. Given that the LEAF sends quite a bit of information back to Nissan, you really want to make sure that your information is private and does not get used by anyone but you or Nissan.
After changing my password, I got an e-mail to say that my password has changed, but to my horror, the e-mail contained both the old AND new passwords. E-mail is an unsecure delivery mechanism sent as clear text, so it is easily captured. This is why banks would never e-mail passwords, they usually even have a secure e-mail facility on their web sites so you never have to send clear e-mails to them.
I have called Nissan to express my concern, however, the rep just said that this is how it works, he can take my complaint but it is unlikely to be changed. When I raised my concern about others being able to see my travel data (as the owner portal displays the carwings password and lets you log in), he said all they can see is trips, kms and was pretty dismissive! But in the wrong hands, they could easily figure when I am not likely to be home etc...
He also said that other companies do this too, like google etc. I said to him absolutely not, they do send out e-mails when your password changes, but it does not contain your password. I said I have not seen that with any web sites I use. He said he has...
I asked if he can change my password over the phone. He said no. I asked if my dealer can change my password. He said if even if he would I would still get the e-mail.
Nissan, please lift your game! Maybe this is a problem with a car company getting into the IT business and only learning now what security means. If you guys are serious about this game, which it seems you are thankfully, then please fix this ASAP. Removing that password out of the e-mails should be a 5 minute job for the right person.
Thanks and sorry to start with a complaint as otherwise I am very appreciative of the work you have done!