A major data breach at the software company Cariad, a subsidiary of Volkswagen, would have left the data, in addition to geolocation data, of some 800,000 electric vehicle owners online and available for months. A first blunder by a car manufacturer that is already in crisis.
The leak concerned electric cars owned by VW, Audi, Seat and Skoda homeowners in Germany, Europe and other parts of the world, German magazine Spiegel reported on Friday. The information available to everyone online included touch and motion data, making it possible to see when a car was parked at home, on the street, or “outside a brothel,” Spiegel writes.
Sensitive data remained exposed for months in an unprotected and misconfigured Amazon cloud storage solution; the problem has already been solved. The breach was reported through the Chaos Computer Club hacker agreement, which was reported through an anonymous hacker. Although Volkswagen has left the door open for anyone to access the knowledge for months, there is no evidence that anyone has done this. Which is a smart thing, because a fairly tech-savvy user can access months of your whereabouts and attach them to your non-public identification data through Volkswagen’s online services. For about 466,000 of the 800,000 cars involved, the location knowledge was incredibly precise, so anyone could track the identity of their vehicle. the driver’s daily routine. Spiegel reports that the list of owners includes German politicians, businessmen, the entire fleet of electric vehicles driven by the Hamburg police, and even alleged employees of the intelligence service. So even if nothing had happened, the scenario could have been much worse.
Cariad responded to Spiegel saying that no sensitive data was exposed, adding that customers “don’t need to take any action, as no sensitive information like passwords or payment data is affected.”
Still, other people are not happy, especially the German politicians whose names were on the list, with Der Spiegel reviewing the knowledge and presenting it to some high-profile figures involved: “shocking”, “annoying” and “embarrassing” are some of the comments from those involved.
Volkswagen has argued that accessing individual data was a more complicated process than it seems. “Only by bypassing several security mechanisms, which required a high level of expertise and a considerable investment of time, and by combining different data sets, was the CCC able to draw conclusions about individual customer data from certain users,” the company said in a statement.Of course, Volkswagen isn’t the only automaker to fumble their software, with Toyota last year admitting to a major data breach involving more than 2 million owners in Japan.
If you have an electric vehicle, rate your vehicle at home with solar panels on the roof. To make sure you find a trustworthy, reliable solar installer near you that offers competitive solar costs, check out EnergySage, a free service that makes it easy for you to get through the sun. They have many pre-selected solar installers competing for your business, ensuring high-quality responses and 20-30% savings compared to a stand-alone solution. Plus, it’s easy to use and you may not receive sales calls until you select an installer and share your phone number with them.
Your traditional sun quotes are easy to compare online and you have access to unbiased energy advisors to help you every step of the way. Start here.
Jennifer is a writer and editor for Electrek. Based in France, she has worked previously at Wired, Fast Company, and Agence France-Presse. Send comments, suggestions, or tips her way via X (@JMossalgue) or at [email protected].