For months, location data for approximately 800,000 Volkswagen electric vehicles was exposed online due to a software vulnerability, according to a report by the German news outlet Der Spiegel. The breach, originating from the software integrated into Volkswagen vehicles, potentially allowed malicious actors to track a driver’s precise movements.
A whistleblower alerted Der Spiegel and the European hacking group Chaos Computer Club about the issue, which reportedly also impacted EVs from other Volkswagen-owned brands, including Audi, Seat, and Skoda, on a global scale.
Der Spiegel discovered that Cariad, the Volkswagen subsidiary responsible for the automaker’s software, had inadvertently enabled attackers to access driver data stored in Amazon’s cloud storage. This data, which could be linked to driver names and contact information, allegedly included details such as when EVs were powered on or off, as well as some email addresses, phone numbers, and home addresses.
The leak included the “precise” locations of around 460,000 vehicles, with Der Spiegel reporting that the data was “accurate to within ten centimeters” for Volkswagen and Seat models, and within 10 kilometers (~6 miles) for Audi and Skoda vehicles.
Cariad has since resolved the issue and assured Der Spiegel that customers “do not need to take any action, as no sensitive information, such as passwords or payment details, was affected.” The Verge reached out to Cariad and Volkswagen for comment but did not receive an immediate response.
This incident underscores the vast amount of data modern vehicles collect, a practice that Mozilla has labeled a “privacy nightmare.”
Responsible for delivering local & international automotive news.
