A recent data breach has raised significant concerns regarding the electric vehicle manufacturer Volkswagen. According to reports from TechSpot, a serious leak has exposed the personal information and location data of around 800,000 owners of Volkswagen, Audi, Seat, and Skoda electric vehicles.
The breach originated from Cariad, Volkswagen’s software development subsidiary, and has reportedly made sensitive information accessible online for several months. Affected users span across Germany, Europe, and beyond. The leaked data includes personal details such as emails, phone numbers, home addresses, and specific mobility information, enabling the potential tracking and control of these electric vehicles. Notably, the location data for approximately 460,000 Volkswagen and Seat vehicles is accurate to within just 10 centimeters, while Audi and Skoda data can pinpoint locations to within 10 kilometers.
The leak exposed a range of individuals, including German politicians, business leaders, the entire Hamburg police tram fleet, and possibly intelligence personnel. The data stored on Amazon’s cloud service was found to be unprotected and misconfigured, which is believed to be the root cause of the incident.
The Chaos Computer Club (CCC), a white-hat hacker organization, discovered the vulnerability after being informed by an anonymous hacker and subsequently alerted German authorities. Volkswagen and Cariad were given a 30-day notice to rectify the issue before the details were disclosed publicly.
In response to the breach, Volkswagen has confirmed that they have addressed the security flaw. They also stated that passwords and payment information were not compromised. The company clarified that only vehicles registered for online services were susceptible and that accessing the data required overcoming several complex security measures.
This incident highlights the ongoing concerns surrounding data security in the realm of connected vehicles. It underscores the broader issue of data collection by automakers, as a recent study by Mozilla indicated that all 25 surveyed car brands were found to be collecting excessive amounts of personal data.
