Tesla hacking highlights needs for greater cloud security

- February 21, 2018 < 1 MIN READ

The news that electric car manufacturer Tesla’s Amazon account was hacked to mine cryptocurrencies comes as a timely reminder that data breaches can hit even the big end of town.

Reports suggest the company was targeted by several unknown hackers who cryptojacked the account to generate virtual currencies on Tesla’s computers.

The cryptojacking was picked up RedLock, a cybersecurity startup, who discovered the intrusion whilst trying to uncover which organisation had left credentials for an Amazon Web Services (AWS) account open to the public.

After investigation Redlock found the company was Tesla. RedLock said they discovered Tesla’s credentials on an unsecured IT administrative console that lacked password protection.

Speaking with Fortune, CEO and co-founder of Redlock, Varun Badhwar, said they were not the first people to discover the flaw.

“Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment,” Badhwar said.

Badhwar suggested the hack had potentially exposed one of Tesla’s Amazon simple storage servers providing access to Tesla telemetry and vehicle data.

“It didn’t have personally identifiable information, per se,” Badhwar said.

Tesla has been quick to point out no customer data was involved in the breach and the car making giant believes the hack was isolated to data on internally used test cars only.