Customer data from US and Canadian consumers who have purchased a car from Volkswagen or Audi is currently traded on the dark web.
The attackers say their database contains a total of more than five million data. The asking price of the database is between $4,000 and $5,000.
Millions of customers victims of a data breach
Earlier this month, Volkswagen announced that a supplier the carmaker does business with stored customer data unsecured between August 2019 and May 2021. The company collected customer data from US and Canadian Volkswagen and Audi customers between 2014 and 2019 for sales and marketing purposes. Hackers say they managed to get their hands on data from 3.3 million customers. Volkswagen will not confirm whether this is an accurate number but acknowledges that “limited personal information” was stolen by unauthorized persons.
A lot of personal data was stolen during the data breach. In addition to first and last names, postal and e-mail addresses and telephone numbers, the attackers also managed to retrieve license plate information. Even more, privacy-sensitive data was stolen from a group of 90,000 customers. Then you have to think of birth dates, identification numbers and information about sold cars. Financial data that customers had to provide to prove their liquidity also fell into the hands of the perpetrators.
This is how the hacker managed to steal the data
According to BleepingComputer, a hacker posted a message on a hacking forum on the dark web this week. In it, he offers a database with the captured data from American and Canadian customers of Volkswagen and Audi. According to the company, the dataset consists of 1,792,278 units of information about cars sold and 3,862,231 leads.
To prove the authenticity of the database, the hacker put samples online. Motherboard contacted the people mentioned in the samples. Seven people confirm that the information the hacker put online is authentic. The attacker conforms to the platform that the data set he offers for sale does not contain social security numbers ( social security numbers ). Finally, he says that he wants to receive between 4,000 and 5,000 dollars for the complete data set.
The hacker also releases technical details about how he managed to get hold of the data. He says he used a script that tracks exposed backups of known domain names associated with blob.core.windows.net. That is the default URL of data repositories of Microsoft’s cloud service Azure, also known as Azure Blobs.
Volkswagen warns customers about scams
When Volkswagen exposed the data breach, the automaker said it had security measures in place to prevent a recurrence in the future. Law enforcement and investigative services have been notified and outside cybersecurity experts have helped to plug the leak.
Finally, Volkswagen has warned victims about phishing and identity theft. The company asks victims to be aware of spam messages in which the sender asks for personal or confidential information. “Unsolicited emails may contain computer viruses or other forms of malware,” Volkswagen warns.
Catch up on more articles here
Follow us on Twitter here