A massive data leak has left around 800,000 electric Volkswagen vehicles vulnerable, with their location information exposed online for months. According to a report by German news magazine Der Spiegel, the leak stemmed from the software running inside Volkswagen vehicles, allowing potential attackers to trace a driver's exact movements.

The vulnerability was first identified by a whistleblower, who notified Der Spiegel and the European hacking association Chaos Computer Club. The leak affects not only Volkswagen but also other car brands owned by the company, including Audi, Seat, and Skoda, on a global scale.

Der Spiegel's investigation found that Cariad, the Volkswagen subsidiary responsible for the automaker's software, had made it possible for an attacker to access driver data housed in Amazon's cloud storage service. The exposed data includes details about when EVs were switched on and off, as well as the emails, phone numbers, and addresses of drivers in some cases.

The location data is reportedly precise, with Volkswagen and Seat vehicles' locations accurate to within ten centimeters, and Audi and Skoda models' locations accurate to within 10km (~6 miles). This level of precision raises significant concerns about the potential misuse of this data, particularly in cases where drivers' personal information is also exposed.

Cariad has since addressed the issue, assuring customers that they do not need to take any action, as no sensitive information such as passwords or payment details are affected. However, the company's response has not alleviated concerns about the security and privacy of modern vehicles, which have been criticized for collecting vast amounts of data.

This leak serves as a stark reminder of the immense amount of data collected by modern-day vehicles, which Mozilla has previously described as a "privacy nightmare." The incident highlights the need for automakers to prioritize data security and privacy, particularly as the industry continues to shift towards connected and autonomous vehicles.

The incident also raises questions about the responsibility of automakers to protect customer data. In recent years, there have been growing concerns about the sale of customer data and the lack of transparency in the automotive industry. This latest leak is likely to add fuel to the debate about the need for stricter regulations and greater accountability from automakers.

In conclusion, the Volkswagen data leak is a sobering reminder of the importance of data security and privacy in the automotive industry. As vehicles become increasingly connected, it is essential that manufacturers prioritize the protection of customer data and take concrete steps to prevent such breaches in the future.