License plates entered the digital age last year when California allowed Reviver to market its hi-tech plates to drivers in the state, with other states including Michigan soon following suit. The company claims it offers “reimagined convenience, personalization and safety,” but a team of security researchers proved that users’ data is anything but safe by hacking into Reviver’s computer system.
Reviver charges $19.95 per month for a 48-month subscription with a wireless plate whose batteries are good for five years, or $24.95 per month for a wired plate. Apart from looking suitably modern, Reviver’s digital plates claim several benefits, including the ability to virtually renew registration, to change the look of the plates, including the personalized text, and to track the plate, and therefore the car it’s attached to. That could be handy if the car has been pinched by some low-life, and Reviver is even able to change the text on the plate to read “STOLEN” to let everyone know.
But that means Reviver holds some important, sensitive data about the car’s owner, and the hackers found that data was far too easy to access. By changing their account status from user to administrator, the hackers gave themselves privileges that would have allowed them to view the location of vehicles, update the look of vehicle plates, including changing the personalized text running along the bottom, and add new users to accounts.
They could even have deleted a user’s plate altogether if they had wanted to, computer whizz Sam Curry, one of the team behind the hack, explained on his blog. And they had access to dealership accounts, enabling them to update the default image used by the dealer. The researchers claim that at this point they reported the system’s security vulnerabilities to Reviver, which quickly patched the flaw.
“We are proud of our team’s quick response, which patched our application in under 24 hours and took further measures to prevent this from occurring in the future,” Reviver said in a statement.
“Our investigation confirmed that this potential vulnerability has not been misused. Customer information has not been affected, and there is no evidence of ongoing risk related to this report. As part of our commitment to data security and privacy, we also used this opportunity to identify and implement additional safeguards to supplement our existing, significant protections.”