Hackers broke into the Tesla account in the cloud service Amazon Web Services and set up a cloud for mining crypto, – the company Redlock, specializing in cyber security. Access to the Tesla account hackers could be obtained through the Kubernetes console, which is used to optimize and debug cloud applications. The console was not password-protected, and it had the data necessary to access the company account.
Hacking itself was discovered back in January, but it was not possible to find out from whom the leak occurred. Now it became clear that it was due to the negligence of the company’s employees. Having access to the Tesla account, the hackers launched the Stratum mining algorithm, which hid the real IP address of the mining service and redirected the server’s core capacity to the production of crypto currency, while remaining invisible. After detecting hacking, RedLock specialists notified Tesla, which in a few hours removed the vulnerability.
Official representatives of the company said that the problem was only for cars intended for internal use, and personal data of users and the safety of their cars were not endangered.
Experts at RedLock note that Tesla is not the only company affected by the miners. Up to 60 percent of organizations that use cloud services are subject to hacking. Previously, similar accounts were hacked accounts of the international insurance company Aviva and the manufacturer of SIM-cards Gemalto.