NASTF Information Requests

Tracking: 941 Status: Closed - Requester Satisfied
State: FL Name: terry
Category of Request: Reprogramming Manufacturer: 2017 MERCEDES S550

Inquiry
Have you checked the OEM website?
Yes
Description of Repair unable to perform
Am locked out of daimler server after someone hijacking my account by exploiting their weak security to change my password. All they had to do was guess a username that already existed.
Description of Information not available
There is no way for 3rd party users to reset their passwords without help from MBUSA who are not responding to my emails and not answering their phone or fax on the contact numbers I have,
Description of steps taken to obtain information (help/contact function on website, websites, etc.)
I have xentry passthru. Someone has managed to get into my account on daimler and change my password. Then they set security question of favorite band (unknown to me) so I cannot reset it. Worst part is they got in just by going to the reset page and typing username (guessed I presume) and then the 4 characters that appears, its the worst security I have ever seen. my fault for not setting an extra security question. I have been locked out all week. I immediately emailed mirek koziel who setup the account, no response, tried calling, just get busy signal, tried faxing, just get busy signal. Daimler say their own employees can get their bosses to reset password but 3rd party users have to get their agent (mirek koziel MB New Jersey) to so it. I also emailed daimler and startek, nobody has responded in despite an intruder using my credentials all week, I just need a password reset and to change my security question, you would think it would be simple and they would not want trespassers in their server. Finally as an aside, when you go to the reset page, it lets you keep trying passwords by continually logging in, I have tried over 1000 bands and singers with no luck. You would expect a simple email recovery option for passwords, even basic forums have that, plus to be locked out after 3 attempts at password guesses. This is s serious issue that needs a fix to prevent others like me having their accounts hijacked due flawed security on the daiimler server (simply typing 4 characters that the screen displays lets you change password if you have not set an extra security question) and not being able to do anything to recover them. Im sure this is going to being a huge problem for daimler if they dont address it. Perhaps someone from NASTF can bring this security flaw to their attention,
Other Comments or Concerns
I tried all 3 below contact methods fro my contact. Tel. 201-573-4306 constantly busy Fax 201-573-2700 constantly busy Email: mirek.koziel@mbusa.com
Notes
0 - 03/19/2019
MBUSA reached out to Mr Ferrari and resolved his issue.
Home