Q-Park’s contactless parking ability can be used with the number plate to chase people. This was discovered by a Belgian hacker, who also found the same problem with other parking companies and apps.

The problem is very handy: when people add a license plate to the Q-Park app, they don’t have to prove that the license plate belongs to them. If someone else’s license plate is added, you can see where someone is standing.

In turn, the stalker pays the bill for his victim, making the problem primarily a risk for targeted stalking. For example, an angry ex-lover can almost find out where his hiding ex-partner hangs, if the license plate is known.

Q-Park says in a response that people will automatically notice if their license plate is linked to someone else’s account. After that, the barrier will be opened and no costs will be collected.” Also, the license plate can only be associated with one account at a time, to prevent abuse. “If users notice this, they can contact customer service.”

However, people can also believe it is a malfunction if the barrier is opened without payment, says Inti De Ceukelaire hacker. “Furthermore, by that time it will be too late, because your position has already been overtaken.”

De Ceukelaire also discovered the problem of apps that are mainly used outside the Netherlands, with which people can pay for parking afterwards. This can be done by entering someone’s license plate to pay for a previous parking transaction.

The problem may also occur if people use EasyPark to park in a parking garage. This app is also available in the Netherlands. In the Netherlands, the problem occurs mainly with parking lots, but in a number of cases also with street parking, says the hacker.

“120 volunteers signed up to test the problem, and in 29 percent of the cases I was able to find out their location,” says De Ceukelaire. “It could have been more than that, but I had to stop somewhere.”

The problem is not limited to parking: on toll roads with number plate recognition in France, Sweden, Norway and Ireland, users can also be tracked.

To avoid the problem, people can object under the GDPR privacy law via a tool located at website From the Belgian hacker. De Ceukelaire believes that in the end, license plates should be better protected. People will then have to confirm that the license plate is indeed owned by them.

“I don’t have a problem with this technology, but people have a right to prevent abuse,” he says. Until then, Q-Park, for example, can more clearly show who is paying for the transaction. “Then it will be clear more quickly if that’s not true.”