The sensitive data of customers of both Audi and Volkswagen is sold online. The data has been reportedly stolen from an exposed Microsoft Azure container.
Last week, the German car manufacturer Volkswagen Group of America, Inc. confirmed a data breach took place that affected some of its customers. The breach happened because of a vendor who didn’t secure the servers.
The company disclosed that the leak compromised personal and business contact information from individuals. Some details included were email address, phone number, and details about vehicle’s history, make, model, year, and trim package:
“The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number,” disclosed VWGoA in a data breach notification. “In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages.”
The data breach affected 3.3 million customers of Volkswagen, Audi, and some authorized dealers in the USA and Canada. It was made public on June 14th when a forum user put the Audi and Volkswagen data up for sale on a popular hacking forum.
According to the forum post, the data includes over 5 million records: a database with over 3,862,231 leads and a database with 1,792,278 sales records. The seller stated that the sales database contained more sensitive information, including VINs, business numbers, information about the driver, and vehicle information.
The hacker who stole this data said they were able to access it through an unsecured Azure Blob container. The hackers are asking between $4,000 and $5,000 for all records and said the database does not contain any customers’ social security numbers.
Previously, the same seller was selling a VPN’s database for $1,000 and claimed responsibility for a data breach at the popular recipe site, Copy Me That.
