Cariad, the Volkswagen Group’s troubled automotive software unit, left terabytes of customer data on around 800,000 Audi, Seat, Skoda and Volkswagen electric vehicles exposed to the Internet for months, according to reports. The mirror [in German]citing security researchers who learned of the data breach from an anonymous whistleblower.
The researchers, who they gave their talk at the Chaos Computer Club in Hamburg, Germany, this week, said the exposed data also contained the precise location coordinates of more than half of the listed vehicles, around 460,000 cars. Some of the location data was accurate to within a few centimeters, they said, and the data showed most vehicles found in Germany, Norway, Sweden and the United Kingdom (in descending order), among others.
Cariad fixed the bug that caused the exposure and said it has no evidence to suggest anyone other than security researchers had access to the exposed data. Cariad has struggled in recent years, plagued by delays to major software releases and a restructuring that has eliminated hundreds of jobs.