Volkswagen leak exposed location data for 800,000 electric cars

For months, the location information of around 800,000 electric Volkswagen vehicles was available online due to a data leak, according to a report from the German news magazine Der Spiegel. The leak reportedly stemmed from the software running inside Volkswagen vehicles and could’ve allowed a bad actor to trace a driver’s exact movements, as noted by Electrek.

A whistleblower first notified Der Spiegel and the European hacking association Chaos Computer Club of the vulnerability, which also affects EVs from Volkswagen-owned car brands on a global scale, including Audi, Seat, and Skoda.

Der Spiegel found that Cariad, the Volkswagen subsidiary behind the automaker’s software, made it possible for an attacker to find and access driver data housed in Amazon’s cloud storage service. The data, which “could be linked to the names and contact details of the drivers,” reportedly included details about when EVs were switched on and off, along with the emails, phone numbers, and addresses of drivers in some cases.

It included the “precise” locations of about 460,000 vehicles, as Der Spiegel says the data was “accurate to within ten centimeters” for Volkswagen and Seats vehicles, and within 10km (~6 miles) for Audi and Skoda models.

Cariad has since addressed the issue, telling Der Spiegel customers have ”no need to take any action, as no sensitive information such as passwords or payment details are affected.” The Verge reached out to Cariad and Volkswagen with requests for comment but didn’t immediately hear back.

If anything, this leak serves as yet another reminder of the immense amount of data collected by modern-day vehicles, which Mozilla has called a “privacy nightmare.”