It might make sense to have an admin panel for account related functionality, basically do these cars still exist or have they not checked in for three years at all. Maybe an owner reset in case of auctions of vehicles by a bank or something similar. But it certainly makes no sense that someone could have access to the functionality of the car itself without at the very least locking out the current owner (via that owner reset) and thus being very noticeable.