Volkswagen Group’s troubled automotive software unit Cariad left terabytes of customer data on around 800,000 electric Audi, Seat, Skoda, and Volkswagen vehicles exposed to the internet for months, reports Der Spiegel [in German], citing security researchers who learned about the data spill from an unnamed whistleblower.
The researchers, who gave their talk at the Chaos Computer Club in Hamburg, Germany this week, said the exposed data also contained the precise location coordinates on more than half of the listed vehicles, around 460,000 cars. Some of the location data was accurate to a few centimeters, they said, with the data showing most of the vehicles found across Germany, Norway, Sweden, the United Kingdom (in descending order), among others.
Cariad fixed the bug that led to the exposure, and said that it has no evidence to suggest anyone other than the security researchers had access to the exposed data. Cariad has struggled in recent years, plagued by delays to major software launches and a restructuring that has eliminated hundreds of jobs.
