A recent report by German news magazine Der Spiegel revealed a significant data leak affecting approximately 800,000 electric vehicles from Volkswagen and its subsidiaries (Audi, Seat, Skoda).
Read: Multi-billion dollar Honey extension alleged to be a scam
The leak, originating from software within the vehicles, exposed sensitive location data, potentially allowing malicious actors to track driver movements. This vulnerability was discovered by a whistleblower who also alerted the European hacking association Chaos Computer Club.
The investigation found that Cariad, Volkswagen’s software subsidiary, inadvertently made driver data accessible within Amazon’s cloud storage service. The leaked data included details such as when vehicles were switched on and off, and in some cases, driver emails, phone numbers, and addresses.
Der Spiegel reported that the location data was highly accurate, with precision within ten centimetres for Volkswagen and Seat vehicles and within ten kilometres for Audi and Skoda models.
While Cariad has addressed the vulnerability, assuring customers that no sensitive information like passwords or payment details was compromised, the incident highlights the growing privacy concerns surrounding the vast amount of data collected by modern vehicles. Mozilla has previously described this data collection as a “privacy nightmare.”