A Volkswagen software subsidiary called Cariad suffered a massive data breach that left 800,000 electric vehicle owners unprotected, a report says German publication Mirror online world. The leak allowed personal information, including movement data and contact information, to remain online for months.
This included precise location data for 460,000 vehicles from the manufacturers VW, Seat and Audi. The information was reportedly accessible via the cloud storage platform Amazon. There is a silver lining here. Cariad says that despite its availability, no attacker accessed the exposed data. The bona fide hacker association Chaos Computer Club (CCC) discovered the leak on November 26th and alerted the company to it.
VW said this in a statement checked by the German Press Agency DPA that the error has now been fixed so that the information is no longer accessible. Additionally, the company noted that the leak only affected location and contact information as passwords and payment details were not affected. Initially, only selected vehicles registered for online services were at risk, it said. “The data was accessed in a very complex, multi-stage process.”
According to Volkswagen, the CCC hacker group was only able to access pseudonymized vehicle data that did not allow any conclusions to be drawn about specific customers. This was achieved “only by bypassing several security mechanisms, which required a high level of expertise and a significant amount of time.”
In other words, affected customers shouldn’t worry too much about their location data being captured by dark web hacks. The company has initiated an investigation into the matter and will decide on further action once it is complete.
As modern vehicles Go online more and moreit opens up a multitude of new risks for them. It was just last year when a viral TikTok challenge taught Hyundai users something how to hack their vehiclesresulting in more than a dozen accidents and eight deaths.
