Tesla has confirmed that hackers have compromised its cloud computing platform to mine cryptocurrency, after the incident was discovered by cloud security firm RedLock.
The hackers have breached the Tesla cloud servers and have installed a crypto currency miner, the company fixed the issue exploited by the hackers “within hours.”
The attackers gained access to the Tesla’s Amazon Web Services environment on a Kubernetes console that was reportedly not password-protected. The console is used by companies to manage the infrastructure deployed on the cloud hosting providers.
“According to RedLock, the hackers discovered log-in details to Tesla’s Amazon Web Services environment on a Kubernetes console – a system originally designed by Google to manage applications. The console was reportedly not password-protected.” states the BBC.
RedLock experts discovered a “pod” inside the Kubernetes console that stored login credentials for one of Tesla’s AWS cloud infrastructure.
The security breach happened in 2017, according to the company no customer data had been stolen.
“Our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way,” said a Tesla spokesman.
According to RedLock, the exposed AWS buckets contained sensitive information, including telemetry data.
“The hackers had infiltrated Tesla’s Kubernetes console which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.” reads a blog post published by RedLock.
Tesla promptly fixed the problem once RedLock notified its discovery.
RedLock added that the security breach was caused by Tesla engineers that forgot to implement an authentication mechanism to the Kubernetes console.
Because they used a custom mining pool, it is unclear how much money this hacker group made.
RedLock confirmed that other companies left their bucket exposed online last year, including Aviva and Gemalto.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Tesla, data breach)
[adrotate banner=”5″]
[adrotate banner=”13″]
Apple confirmed that a security flaw in its Messages app was actively exploited in the…
Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer…
Security researchers at Citizen Lab revealed that Paragon's Graphite spyware can hack fully updated iPhones…
Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh, and WebDAV flaws to its Known…
Over 40,000 internet-exposed security cameras worldwide are vulnerable to remote hacking, posing serious privacy and…
This website uses cookies.