Tesla account in Amazon Web Services (AWS) was hacked, intruders were secretly mining cryptocurrency. The attempt of hacking was tracked by the company RedLock.
The hackers gained access to the cloud through Tesla account in the service Kubernetes, which was not password-protected.
Tesla stored data on logging into its AWS account, telemetry and other Tesla vehicle data on Kubernetes. Attackers hid the real IP with the help of CloudFlare service, set up software for mining for low energy consumption and used other opportunities that made mining incospicuous, RedLock experts pointed out.
Specialists notified Tesla of the hacking and the consequences were “quickly eliminated”:
“The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
RedLock didn’t report the information on how long the hackers had been mining cryptocurrency, what exactly and how much they managed to mine. But according to the screenshots of the report, the mining began several months ago.