Audi, Volkswagen data breach affects 3.3 million customers

What Happened?

Audi and Volkswagen customer data is being sold on a hacking forum after it was allegedly stolen from an exposed Azure BLOB container.

Volkswagen Group of America, Inc. (VWGoA) revealed a data breach After a vendor left customer data unsecured on the Internet between August 2019 and May 2021.

Volkswagen said that “the majority” were affected, the data includes: “first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color and trim packages.” But for 90,000 victims, the data also included “more sensitive information relating to eligibility for a purchase, loan, or lease and driver’s license numbers.

The majority of impacted individuals are either current or prospective buyers for Audi vehicles. 163,000 individuals are in Canada, whereas the rest are in the United States.

Cause of the Breach:

The information, gathered for sales and marketing between 2014 and 2019, was in an electronic file the vendor left unsecured, VW of America said in its statement.

The data was obtained when the vendor left electronic data unsecured at some point between August 2019 and May 2021

 Stolen data sold on hacking forums:

On June 14, a known seller of data stolen during data breaches put Audi and Volkswagen data up for sale on a popular hacking forum.

According to a post on the forum, the sales data consists of over 5 million records, with 3,862,231 records being leads and 1,792,278 records in the sales database.

 

While the lead database contains contact information and phone numbers for potential purchases, the seller says the sales database includes more information, including VINs, business numbers, information about the driver, and vehicle information.

The hackers are asking for between $4,000 and $5,000 for all records and said that none of the customers have Social Security numbers in the database.

“000 said she worked with another hacker who goes by General Badhou3a. 000 explained that she set up a script to scan the internet for exposed Azure blobs, which are essentially data repositories stored in Microsoft’s cloud. The hacker said she just created a script that would look for exposed backups by checking for known company domains attached to “blob.core.windows.net,” the default Urls for Azure blobs. “

The threatening actor previously told Bleeping Computer that they were selling a database with several Android apps on the Google Play Store for $1,000 to a VPN service provider.

 VM  (Volkswagen Group) Statement :

• We are notifying all affected individuals directly, regardless of whether we are required to do so by law, and will offer free credit protection services to approximately 90,000 individuals for whom sensitive information was involved.
• We take data security very seriously and are committed to safeguarding personal information. We have also informed the appropriate authorities, including law enforcement and regulators, and are working with external cybersecurity experts and the vendor to assess and respond to this situation.

What should Audi and Volkswagen customers do?

• As the Audi and Volkswagen data was unsecured for a long time, there is no telling how many people had gained unauthorized access.
• Therefore, all communications claiming to be from Audi or Volkswagen should be treated suspiciously, especially email or SMS text messages.
• For those who had more sensitive data exposed, you should freeze your credit report to make it harder for third parties to perform identity theft and take credit out under your name.