A major data leak at Volkswagen exposed sensitive location information of approximately 800,000 electric vehicles for several months, German magazine Der Spiegel reported. The breach affected vehicles from multiple brands including Volkswagen, Audi, Seat, and Skoda.
The data leak originated from a cloud storage misconfiguration by Cariad, Volkswagen's software development subsidiary. The exposed information was stored on Amazon's cloud services and included precise location data accurate within 10 centimeters for some vehicles.
Beyond location tracking, the leaked data contained details about when vehicles were switched on and off. In some cases, it also exposed drivers' personal information including email addresses, phone numbers, and home addresses.
The breach was discovered after a whistleblower alerted Der Spiegel and the European hacking group Chaos Computer Club. According to Der Spiegel's investigation, accessing the exposed data would not have required sophisticated hacking skills - the information was openly available to anyone who knew where to look.
The data collection occurred through Volkswagen's app, which owners use for features like preheating their cars and monitoring battery levels. This created detailed profiles of drivers' daily movements and habits.
Cariad has now addressed the security flaw. The company stated that customers do not need to take any action since no passwords or payment details were compromised. They also noted that vehicle owners can opt out of data collection by deactivating online functions.
This incident highlights growing privacy concerns around modern connected vehicles. With advances in vehicle technology and connectivity, automakers are collecting unprecedented amounts of data about drivers' movements and behaviors.
Volkswagen has not yet made any public statement addressing the full scope of the breach or its potential impact on customer privacy.