Hackers gained access to Tesla‘s cloud account where they had access to sensitive data — such as vehicle telemetry — and used the account to mine cryptocurrency. The breach was discovered by happenstance last month by cybersecurity firm RedLock when looking into an open account left unprotected on a Google system used for optimizing cloud applications.
Although the situation was rectified, a Tesla spokesperson has come out to say: “We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
RedLock CTO Gaurav Kumar told Gizmodo:
The recent rise of cryptocurrencies is making it far more lucrative for cybercriminals to steal organizations’ compute power rather than their data. In particular, organizations’ public cloud environments are ideal targets due to the lack of effective cloud threat defense programs. In the past few months alone, we have uncovered a number of cryptojacking incidents including the one affecting Tesla.
In related news, SpaceX has launched satellites in order to potentially provide broadband for Tesla.