jalopnik Archives - Storytailer

In the middle of July, a small dealer in Oregon started to get a lot of attention. I’m fairly certain their website visitors spiked and at least one VDP started to get massive traffic. You see, somehow a 2001 Mercedes-Benz got transformed into a picture of a naked woman. Yes, you heard that right. Word started spreading amongst the automotive circles on social media AND, more importantly, to the public through a very popular automotive blog, Jalopnik. We (being my friends in the automotive community) found it quite amusing. The author of Jalopnik reports that he called the dealership and the faux pas was blamed on… wait for it… a computer virus. This “naked woman” VDP was appearing all across the Internet – the dealer’s website, Cars.com, and Auto.com being amongst them. I bet that dealer got more phone calls, leads and VDP views on this 2001 Mercedes than any vehicle it has ever had in its history.

The problem didn’t stay there, however. Once I verified this on their website and Cars.com, I started researching to see exactly how widespread this was. That vehicle (and picture) was everywhere. Not only that but once I SAW the picture, I couldn’t UNSEE it. Yes, the remarketing magic kicked in. All of a sudden, I had a naked woman stalking me on the Internet.

Anyone who knows the path of data distribution in the car industry knows that this didn’t originate with Cars.com. If you don’t know, this is basically the flow:

Dealer/3^rd Party Photo Service -> Data Distribution Company -> 3^rd Party websites

Having worked at HomeNet for a while, I got fairly familiar with this process. Some dealers would argue that “data distribution company” should be replaced with “website provider” but, for the most part, website providers don’t actually do the data distribution. In most cases, they subcontract out the service to companies like HomeNet. As a dealer, you may or may not be aware of this as your website provider may include data distribution in their service. I cannot count the times that I called dealers whose data feed we already had to try and sell them services and they had no clue that we (HomeNet) were distributing their data already.

How could something like this happen? Well, there are several possibilities so let’s get started.

Computer virus/Hacked – I don’t buy this one. This would have to be a pretty intricate virus with the ability to identify a picture of a naked woman, log into the dealer’s account with their data company, choose a vehicle and upload the picture into the system. When I looked at their website, it was only this single VDP that had the explicit picture. If it were a computer virus, chances are more than likely that it would have replaced EVERY picture for all of the vehicles. Not just one. Viruses are malicious. They want to do damage. The same rationale goes for a hacker. Replacing one picture isn’t going to make some guy so happy he spits out his Twinkie while Mountain Dew flies out of his nose. (I know, total stereotype. It was simply an effort to be amusing.)
Dealer Accident – This is certainly a possibility. In the past, dealers have been notoriously vocal about how difficult and time-consuming it was to take and upload pictures. This motivated the industry into creating software that made it easier. It’s possible that whomever was in charge of uploading pictures at the dealership happened to have this naked girl on their desktop or in the folder with the vehicle pictures and it accidentally got uploaded. Knowing the mechanics of retrieving pictures from a camera, then manually selecting the pictures that go each which vehicle while uploading them makes this scenario also unlikely. There was only a single picture for this vehicle so you can’t say that it was mixed in with 30+ other pictures of the same vehicle.
Third Party Photo Service – This, again, is pretty unlikely. Photo services depend on their clients for revenue. For the most part, they also use technology that makes taking pictures and attributing them to vehicles pretty efficient. Scan a Vin. Take a bunch of pictures. Repeat. Upload. It’s pretty automatic. Seeing as this explicit photo wasn’t a picture of a picture, the likelihood that it was already on the camera is slim-to-none. The exception here would be smaller photo services that don’t use this sort of technology. In those cases, you would refer back to possibility #2 above.
Cars.com – Forget about it. Do you really think Cars.com has the time to upload photos for dealers? They simply take a feed that originated as a combination of a DMS vehicle record and corresponding pictures and a listing is created automatically. Obviously there isn’t a censor watching on their end. They probably don’t feel the need for one. It’s certainly not scalable for them to view the millions of inventory pictures they get daily from dealers across the country.
On Purpose – This is the most likely scenario. Someone was either disgruntled or wanted a little laugh. Based on the results of widespread distribution though, this had to happen at or before the data distribution link in the chain of events for it to get disseminated as much as it was. Unless the dealer used a small photo service that they just cancelled, the likelihood that it was a vendor is small. People have to pay the rent, you know. The simplest solution is that someone at the dealership, that had the log-in to upload a picture, is the culprit. As they say, the simplest answer is usually the correct one. Maybe they were upset. Maybe it was a prank. We’ll probably never know.

Dealers are way too lax with their vital services and log-ins. Most CRMs have unique log-ins as they need to track activity and tie it to specific employees. The same is true with MOST log-ins to a DMS. Exceptions exist, however. There are many instances of shared or single passwords being used by dealers to access services. How about social media accounts? Imagine that showing up on your Facebook page, Twitter, Instagram, etc. A lot worse can happen to a dealer than the scenario in this article.

Vendors aren’t immune to this either. Read the comments on that Jalopnik article. Cars.com got some unwanted publicity as well. Consumers don’t know the mechanics involved. They simply blamed Cars.com and had a good laugh. That picture/VDP was on their (and other) websites for HOURS. I reached out to them via Twitter. While they wouldn’t get specific with me (although I’m sure they know exactly where they got the feed from) they did deny responsibility tweeting that the image “originated from a 3^rd party site.”

The point of this article isn’t to cast blame. I’m certainly not Sherlock Holmes. I’m simply using common sense. As dealers, your website and VDPs are your virtual dealership. Unless you would place a naked girl in the middle of your lot to bring in traffic, you probably don’t want this happening to you. (Although it would probably work better than a giant inflatable gorilla or wavy tube guy. Just saying.) You should treat all of your services as if you were in the military. Log-ins and passwords (especially administrator-level ones) should be shared on a “need to know” basis. In every possible case, there should be levels of access for individual users. This way, you can control who can access what, what they can do once there, and, if something goes wrong, hold someone accountable.

Dealers also need to know, and control, exactly where their inventory is going. Most dealers get sold on the fact that there inventory will be on a gazillion websites and their eyes light up like a child seeing his or her presents under the tree on Christmas morning. Dealers should know not only whom THEY are sending their inventory to but also to whom THOSE people may be sending it to as well.

While this was an amusing venture that didn’t last a terribly long time, it’s a perfect example of Murphy’s Law – “If anything can go wrong, it will.”

Data security is something that’s becoming more prominent in the eyes of consumers. If someone can upload a naked picture of a woman and get that on hundreds of websites in a minute, imagine what someone who REALLY wants to get revenge or create havoc can do with your DMS database, social media accounts, CRM, customer information (including socials, DOBs, etc)…and guess who would be responsible…

You.

A customer comes into your dealership because the warning lights come on in his Certified Pre-owned BMW after your service department tells him to bring it in immediately. He comes in and your first tier tech tells him the lights only apply to an emissions issue which doesn’t apply in his state, promptly turns the warning lights off and tells the customer he’s “good to go”. The customer leaves and two days later, the steering fails on his car while driving 65-75 mph on the freeway causing him to crash off the side of the road. When he complains to the GM, no apology is given and he’s told to bring the car back in. He expresses concern about his trust in the dealership and says he wants to go to a different one and is told that he can only bring the car there.

He then goes online and starts asking questions in a brand-enthusiast forum. After getting some information and advice from his peers, he meets with the GM at the dealership where, after expressing his concerns about the dealership’s service quality, the GM asks “then you shouldn’t even be in my office wasting my time”. The customer then agrees to let the dealer pick up his car via flatbed to look at it but is denied a loaner car.

Someone at your corporate office sees his online forum posting and has the corporate LAWYER call the customer requesting that he remove his online posting. He refuses and takes the car to an independent mechanic where he is told that the codes indicate issues with “steering and stability control”.

BMW North America gets involved. They ask the customer to bring his car into a different dealer and promise to fly in a team of specialized engineers. They confirm the steering and stability issues, charge him his $50 deductible and only fix two issues that are covered under his CPO warranty. Neither the corporate office or the dealership will explain to him what was wrong or take any responsibility and, when asked why, they say they “don’t appreciate that (he’s) made this a public issue on the forums.”

Yes, this really happened. What a train wreck.

The dealership? BMW of North Scottsdale. (a Penske Automotive dealership)

This story made the website “Jalopnik” yesterday. The article (in which the dealer is not only named but linked to) “Did a Dealer Ignore a Faulty, Dangerous BMW?” has received 27,334 unique visitors and has 209 comments. In one day.

The original forum post has 327 comments on it in less than 30 days and has been viewed by 27,956 unique visitors.

The Jalopnik article is now in the #6 position on Google Page 1 for a search for the store’s name, four spots up from their DealerRater page.

We’ve all experienced irate customers. We all make mistakes. There were so many opportunities for customer service to appear by so many different parties (technician, service manager, general manager, corporate office, manufacturer, the second dealership, and, of course, the corporate lawyer), yet it never did and now the dealer and BMW have a PR nightmare on their hands.

One forum poster actually said this: “Scottsdale BMW got a pretty good rating at dealer rater…shall we change that?”

What would you do if this happened at your dealership? How would you handle this?

Forget SEO, Naked Women Will Increase VDP Views

BMW Dealer Customer Service Fail Goes Viral