Volkswagen Subsidiary Left Vehicle Location Data Unprotected in Amazon Storage ⇥ spiegel.de

Patrick Beuth et al., in a German-language report in Der Spiegel, as translated by Apple’s built-in translator:

Because many of the vehicle data could be linked to the names and contact details of the drivers, owners or fleet managers. Precise location data could be viewed on 460,000 vehicles, which allowed conclusions to be drawn about the lives of the people behind the steering wheels – just like the two politicians.

[…]

It is a more than embarrassing breakdown for the already struggling group. It’s a shame. Especially in the software, where VW lags behind the competition anyway. Of all things, the security of private data, which the Germans like to cite as a location advantage over the much more lax USA.

Linus Neumann, of the Chaos Computer Club, also German-language, also translated by Safari:

The information collected by VW subsidiary Cariad contains precise information on the location and time of the ignition. The movement data is linked to other personal data. In this way, they also allow conclusions to be drawn about suppliers, service providers, employees or camouflage organizations of the security authorities.

Anthony Alaniz, Motor1:

The hacker group, the Chaos Computer Club, informed Cariad about the vulnerability, which quickly patched the issue. Cariad told Spiegel that the vulnerability was a “misconfiguration” and that the company doesn’t merge data that would allow someone to create a profile about a person. According to the company, the researchers had to combine different data sets by “bypassing several security mechanisms.” It also said it’s unaware of anyone accessing the data other than CCC.

Cariad has a lot of gall to issue a statement redirecting blame to someone defeating “security mechanisms” instead of the possibility all this stored data could be re-identified in the first place.