They really should have used a password.
Security researchers from RedLock discovered that Tesla’s cloud accounts had been hacked and were being used to mine cryptocurrency. How did Tesla get hacked? Through an unsecured administrative console.
Hackers had an easy time entering through the console which was not password protected, and installed mining software on Tesla’s Amazon cloud service accounts. The hackers were rather smart in hiding their mining, using a non-standard port to connect to the internet, and not using well known mining pools.
Unfortunately, this hack also exposed private data including sensitive telemetry information. Tesla has stated that no customer information was exposed. “We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way,” said Tesla in a statement.
Once again, a tech company who people are placing their trust, their security, and in Tesla’s case, their safety, couldn’t be bothered to take minimal cybersecurity steps to protect themselves and their customers.
Source: Ars Technica