1 min read

Link: VW Group had sensitive info, including GPS coordinates, of 800K+ electric vehicles exposed on an unprotected AWS database for months before it was alerted (Thanos Pappas/Carscoops)

Sensitive data from 800,000 VW Group EV owners was exposed due to a misconfigured cloud storage system. The leak impacted Audi, VW, Seat, and Skoda brands across various regions, including Europe.

This breach revealed detailed movements of the owners, from residential locations to more sensitive sites. Extensive GPS data enabled precise tracking of individual habits and routines.

The exposure was first discovered by a whistleblower and subsequently reported to Europe’s largest hacking group, Chaos Computer Club (CCC). CCC alerted authorities, and the technical team at Cariad responded promptly to secure the data.

Despite assurances from Cariad that no critical data such as passwords were compromised, the risk of misuse by potential criminals was significant. The leak included data about high-profile individuals like politicians and police officers.

Politicians expressed distress upon discovering their involvement, demanding higher cybersecurity measures. This incident marks yet another major automaker fumbling with user data, following previous breaches like those acknowledged by Toyota.

The automotive industry must prioritize cybersecurity to maintain consumer trust in modern, connected vehicles. The urgency for data protection has become comparable to the necessity for crash safety in vehicles.

 #

--

Yoooo, this is a quick note on a link that made me go, WTF? Find all past links here.