Data Leak at Volkswagen and Subsidiary Brands: Location Data of 800,000 Electric Vehicles Exposed
A significant data leak has exposed the location data of approximately 800,000 electric vehicles from Volkswagen and its subsidiary brands, including Audi, Seat, and Skoda. The vulnerability, first reported by the German news magazine Der Spiegel, stemmed from a software flaw within the vehicles themselves, allowing unauthorized access to sensitive driver information. The VW data leak highlights the growing concerns surrounding data privacy in the age of connected cars.
VW Data Leak Caused by Vulnerability in Cariad’s software
The volkswagen data leak revealed the precise location of roughly 460,000 vehicles, with accuracy within ten centimeters for Volkswagen and Seat vehicles. For Audi and Skoda models, the accuracy was within 10 kilometers. This precise location data, combined with other compromised information, paints a concerning picture of the potential for misuse.
Beyond location tracking, the leak also included personal information for some drivers. According to Der Spiegel, the compromised data included emails, addresses, and phone numbers. The report notes that this data “could be linked to the names and contact details of the drivers,” raising significant privacy concerns. The data also included information about when the EVs were switched on and off.
The source of the vulnerability, as identified by Der Spiegel, lies within Cariad, Volkswagen’s software subsidiary. Cariad’s software allowed attackers to access driver data stored in Amazon’s cloud storage service. This points to a critical security failure in the design, implementation, or management of Volkswagen’s data infrastructure. A whistleblower alerted Der Spiegel and the Chaos Computer Club, a European hacking association, to the vulnerability.
Cariad’s Response to Volkswagen Data Leak
Cariad has since addressed the issue, assuring customers that “no sensitive information such as passwords or payment details are affected.” However, the exposure of location data, combined with personal details for some drivers, remains a serious breach of trust and raises significant questions about the security practices of Volkswagen and its subsidiaries. The Verge reached out to Cariad and Volkswagen for comment but did not receive an immediate response.
The Volkswagen data leak serves as a stark reminder of the immense amount of data collected by modern vehicles, a point emphasized by Mozilla’s assessment of modern cars as a “privacy nightmare.”
The incident underscores the need for greater transparency and stronger security measures within the automotive industry to protect driver data. The scale of the vw data leak, affecting hundreds of thousands of vehicles globally, demands a thorough investigation and significant improvements in data security protocols. The incident also highlights the importance of robust whistleblower protection mechanisms to uncover and address such vulnerabilities.
