Security News

Audi and Volkswagen customer data is being sold on a hacking forum after allegedly being stolen from an exposed Azure BLOB container. Last week, the Volkswagen Group of America, Inc. disclosed a data breach after a vendor left customer data unsecured on the Internet between August 2019 and May 2021.

One of Volkswagen's vendors left one of its systems open for nearly two years, exposing the personal data of 3.3 million customers - nearly all of them owners or wannabe owners of the automaker's luxury brand of Audis - Volkswagen America said last week. The car maker said that the data, mostly collected for sales and marketing, was exposed by a vendor used by Volkswagen, its Audi subsidiary and authorized dealers.

Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the Internet. It is responsible for US and Canadian operations for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc. According to data breach notifications filed with the California and Maine Attorney General's office, VWGoA disclosed that a vendor left unsecured data exposed on the Internet between August 2019 and May 2021.

Volkswagen Group of America this week revealed that approximately 3.3 million people might have been affected in a data breach that impacted both Audi of America and Volkswagen of America. "VWGoA discovered the information at issue included more sensitive personal information on or about May 24, 2021. VWGoA completed the analysis to identify which specific individuals were impacted on or about June 7, 2021," the company said in a letter to the Maine Attorney General.

"Trend Micro simply designed the driver to provide a significant amount of functionality to privileged callers in user-mode, allowing attackers to misuse the driver in several ways. The problem is that Trend Micro's driver is insecure by design, making it a perfect candidate for abuse by malicious actors around the world." Demirkapi believes Trend's kernel driver is cheating on Microsoft's WHQL driver verification test: if the driver detects it is installed on a computer running the test, it alters its behavior to pass the examination, whereas outside the test, it would fail to meet Microsoft's quality standards.

"Trend Micro simply designed the driver to provide a significant amount of functionality to privileged callers in user-mode, allowing attackers to misuse the driver in several ways. The problem is that Trend Micro's driver is insecure by design, making it a perfect candidate for abuse by malicious actors around the world." Demirkapi believes Trend's kernel driver is cheating on Microsoft's WHQL driver verification test: if the driver detects it is installed on a computer running the test, it alters its behavior to pass the examination, whereas outside the test, it would fail to meet Microsoft's quality standards.

The scam is spread via Facebook and WhatsApp messages.

Researchers found a way into both cars through the Wi-Fi interface.

Vulnerable in-vehicle infotainment systems have left some Volkswagen cars open to remote hacking, researchers warn.