A Volkswagen software subsidiary called Cariad experienced a massive data breach that left 800,000 electric vehicle owners exposed, according to a report from the german publication Mirror the world online. The breach allowed personal information to remain online for months, including movement data and contact information.
This included precise location data from 460,000 vehicles made by VW, Seat and Audi. The information was reportedly accessible through amazon's cloud storage platform. There is a positive side here. Cariad says that despite being available, no bad actors accessed the exposed data. The bona fide hacker association Chaos Computer Club (CCC) detected the leak on November 26 and brought it to the company's attention.
VW said in a statement reviewed by the German press agency DPA that the error has since been rectified, so the information is no longer accessible. Additionally, the company noted that the leak only concerned location and contact information, as passwords and payment details were not affected. It added that initially only certain vehicles registered for online services were at risk, stating that “the data was accessed in a very complex, multi-stage process.”
According to Volkswagen, the CCC hacker group was only able to access data from pseudonymized vehicles that did not allow conclusions to be drawn about specific customers. This was done “only by circumventing various security mechanisms, which required a high level of expertise and a considerable investment of time.”
In other words, affected customers shouldn't worry too much about their location data being collected by the ne'er-do-wells of the dark web. The company has launched an investigation into the matter and will make a decision on next steps when it is concluded.
As modern vehicles become increasingly online, they are exposed to a host of new risks. It was just last year when a viral TikTok challenge taught Hyundai users how to hack their vehicles, leading to more than a dozen accidents and eight deaths.
