Volkswagen has inadvertently exposed the personal information of 800,000 electric vehicle owners, including their location data and contact details.
The breach, which occurred due to a misconfiguration in the systems of Cariad, VW’s software subsidiary, left sensitive data stored on Amazon Cloud publicly accessible for months.
The exposed information included precise GPS data, which allowed for the creation of detailed movement profiles of the vehicles and their owners.
This breach not only compromised the privacy of everyday citizens but also affected high-profile individuals such as politicians, business leaders, and law enforcement officers.
The breach was discovered by the Chaos Computer Club (CCC), a German hacker group known for its ethical hacking practices. The CCC promptly informed Volkswagen of the vulnerability, allowing the company to address the issue before it could be exploited maliciously.
This incident underscores the growing concerns over data privacy in the automotive industry, where connected vehicles are becoming increasingly common.
Volkswagen’s data breach is part of a broader trend of security issues within the automotive sector. A 2023 study by the Mozilla Foundation revealed that modern cars are a “privacy nightmare,” with 25 car brands collecting more data than necessary and 76% of them admitting to the potential resale of this data. Additionally, 68% of the brands had experienced hacks, security incidents, or data leaks in the previous three years.
This incident follows other notable breaches in the industry. In January 2023, a team led by hacker Sam Curry demonstrated that they could access BMW employee and dealer accounts and view sales documents.
Similarly, Mercedes-Benz’s internal chat system was compromised, and Kia vehicles were found to be vulnerable to remote unlocking and starting.
The Jeep hack of 2015 remains a legendary example of automotive cybersecurity vulnerabilities. Two IT specialists remotely accessed a Jeep’s electronics through its cellular module, controlling brakes, speed, and radio. This led to a recall of 1.4 million vehicles for a software update to prevent such attacks.
Volkswagen has not yet provided detailed information on how they plan to mitigate the damage or prevent future breaches. However, this incident serves as a stark reminder of the critical need for robust cybersecurity measures in the automotive industry, especially as vehicles become more connected and data-driven.