Security researchers have discovered a vulnerable database containing the details of approximately 10 million vehicles sold in the US, including vehicle identification numbers (VIN) and personal details about the owners.