Constant leakage of sensitive information due to improper permission controls • No insider oversight leading to insiders in low positions having access to and leaking high value information • AWS servers for map data exposing private sshd keys • Map data is synced by rsync, failure to contain rsync reach • ’Toolbox’ servers serving diag unlock tokens and other car data to all comers, no authentication checks. Later, no account validity checks. 24