Volkswagen leak exposed precise location data on thousands of vehicles across Europe for months
Volkswagen's software unit Cariad exposed terabytes of customer data from around 800,000 electric vehicles, including precise location data for approximately 460,000 cars, for months. Security researchers revealed this leak, which affected vehicles across Europe, including Germany, Norway, and the UK. Cariad has since fixed the issue and claims no unauthorized access occurred. The unit has faced challenges with software delays and job cuts in recent years.
Volkswagen Group’s troubled automotive software unit Cariad left terabytes of customer data on around 800,000 electric Audi, Seat, Skoda, and Volkswagen vehicles exposed to the internet for months, reports Der Spiegel [in German], citing security researchers who learned about the data spill from an unnamed whistleblower.
The researchers, who gave their talk at the Chaos Computer Club in Hamburg, Germany this week, said the exposed data also contained the precise location coordinates on more than half of the listed vehicles, around 460,000 cars. Some of the location data was accurate to a few centimeters, they said, with the data showing most of the vehicles found across Germany, Norway, Sweden, the United Kingdom (in descending order), among others.
Cariad fixed the bug that led to the exposure, and said that it has no evidence to suggest anyone other than the security researchers had access to the exposed data. Cariad has struggled in recent years, plagued by delays to major software launches and a restructuring that has eliminated hundreds of jobs.
