As reported by Motherboard, a pair of bugs in John Deere’s apps and website could have allowed hackers to find and download the personal data of all owners of the company’s farming vehicles and equipment, according to a security researcher who found the vulnerabilities.
There is no evidence that hackers exploited these flaws. The researcher, who goes by Sick Codes, reported them to John Deere on April 12 and 13 and the company fixed one of the bugs just three days later. The company fixed the second bug on Wednesday, according to the researcher.
Before the fixes, the vulnerabilities, if exploited, would have exposed personal data about John Deere’s customers, including their physical address, according to Sick Codes.