Hackers Are Selling Data Stolen From Audi and Volkswagen
On Friday, Volkswagen disclosed a data breach that it said
affected 3.3 million customers and interested buyers. On Monday, hackers put
the data stolen from the car maker on sale on a notorious hacking forum.
In the sales listing reviewed by Motherboard, a hacker that
goes by 000 wrote that the data included email addresses and Vehicle
Identification Numbers (VIN). The hacker also posted two samples of the data,
which included full names, email addresses, mailing addresses, and phone
numbers.
The type of data seems to align with what Volkswagen admitted
was stolen. On a website set up by a cybersecurity vendor on behalf of the car
maker, Volkswagen said that "the majority" of affected data included:
"first and last name, personal or business mailing address, email address,
or phone number. In some instances, the data also included information about a
vehicle purchased, leased, or inquired about, such as the Vehicle
Identification Number (VIN), make, model, year, color and trim packages."
But for 90,000 victims, the data also included "more sensitive information
relating to eligibility for a purchase, loan, or lease.
Nearly all of the more sensitive data (over 95%) consists of
driver’s license numbers," according to the company, which added that the
majority of data pertains to Audi customers and interested buyers in the US and
Canada only. The company also said it believes the data was left unsecured by a
vendor. (Audi is owned by the Volkswagen Group.)
"There were also a very small number of dates of birth,
Social Security or social insurance numbers, account or loan numbers, and tax
identification numbers," the website read.
Motherboard reached out to all the people included in the
samples, either via email or phone. Seven of the people contacted confirmed
that at least one piece of their data published by the hackers was real.
Do you know anything else about a ransomware incident? We’d
love to hear from you. Using a non-work phone or computer, you can contact
Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, lorenzofb
on Wickr and Telegram, or email lorenzofb@vice.com
Alon Gal, the co-founder and CTO of cybersecurity firm
Hudson Rock, alerted Motherboard to the listing.
A Volkswagen spokesperson shared a statement that addressed
the data breach but did not include any information about the sale on the
hacking forum. The spokesperson said that "we cannot comment beyond our
public disclosures."
The hacker who's selling the data told Motherboard that it
did not contain any Social Security Numbers nor drivers' license information.
The hacker said she is asking between $4,000 and $5,000 for the whole database.
000 said she worked with another hacker who goes by General
Badhou3a. 000 explained that she set up a script to scan the internet for
exposed Azure blobs, which are essentially data repositories stored in
Microsoft's cloud. The hacker said she just created a script that would look
for exposed backups by checking for known company domains attached to
"blob.core.windows.net," the default URL for Azure blobs.
"I have a bunch of data just stored," 000 said in
an online chat. "From multiple other sources not only Azure blobs."
The hacker said she obtained the data in March. Volkswagen
said that it was alerted to the breach on March 10 of this year. The company
added that it believes "the data was obtained when the vendor left
electronic data unsecured at some point between August 2019 and May 2021, when
the source of the incident was identified." The company did not identify
the vendor responsible for the breach, saying only that it is used by Audi,
Volkswagen, and some authorized dealers.
The company added that the stolen data ranged from 2014
until 2019, and that it is notifying all victims. Volkswagen said it is sending
emails or letters to the victims, offering free credit monitoring and alerting
them that they may receive phishing attacks using the information stolen.
Volkswagen said it's offering free credit only to the approximately 90,000
victims who had more sensitive data stolen.