Find personal data from your old car on eBay

[An amateur] researcher, who described himself as a “Tesla tinkerer that’s curious about how things work,” recently gained access to 13 Tesla MCUs — short for media control units — that were removed from electric vehicles during repairs and refurbishments. Each one of the devices stored a trove of sensitive information despite being retired. Examples included phone books from connected cell phones, call logs containing hundreds of entries, recent calendar entries, Spotify and W-Fi passwords stored in plaintext, locations for home, work, and all places navigated to, and session cookies that allowed access to Netflix and YouTube (and attached Gmail accounts)…

“It looks like some service center employees sell intact units on the side instead of returning them…the researcher said in an interview. “I know some people running salvage yards that say that’s one source of units they have for sale.”…

[His] discovery reveals a risk posed not just to Tesla owners but drivers of virtually any vehicle that has onboard devices that store personal data or provide remote tracking. A man who rented Ford vehicles from Enterprise Rent-a-Car reported having the ability to remotely start, stop, lock, and unlock the vehicles long after he returned them not just once, but a second time four months after the first. As is the case with Tesla MCUs that make it back onto the market, the failure of rental companies to mandate that employees fully wipe infotainment systems of all previous customers’ data represents a safety and privacy risk that could easily be avoided.

I know you can’t selectively destroy recording systems in a car you’re selling or trading-in; but, at a minimum you should do a factory reset. I’m not a fanatic about privacy (yet); but, I see no reason to skip utilizing the procedures built-in to maintain some level of security.