That auto companies or their partners maintain databases to store key and programming codes is not in itself unusual. After all, rightful car owners would need that information to create new keys if they were locked out, Fisher said. But in this case, it appears the security vulnerability may have been the integrity of the database. One way for criminals to extract stored information is to hack into a network that has access to it, she said. Another way is get authorized users to obtain the information themselves, and then pass it on, or to share active credentials with someone who shouldn't have them.