Volkswagen Group’s troubled automotive software unit Cariad left terabytes of customer data on around 800,000 Audi, Seat, Skoda and Volkswagen electric vehicles exposed online for months, reports Der Spiegel (in German), citing security researchers who learned of the leak from an unnamed whistleblower.
The researchers, who gave their talk at the Chaos Computer Club in Hamburg, Germany this week, said the exposed data also contained the exact location coordinates of more than half of the vehicles listed, some 460,000 cars. Some of the location data was accurate to within a few centimeters, they said, with the data showing most vehicles found across Germany, Norway, Sweden, the United Kingdom (in descending order), among others.
Cariad fixed the flaw that led to the exposure and said there was no evidence to suggest that anyone other than security researchers had access to the exposed data. Cariad has struggled in recent years, plagued by delays in major software launches and a restructuring that has eliminated hundreds of jobs.
