Hackers hijacked Tesla-owned Amazon cloud account and used it for cryptocurrency mining.
RedLock, the company involved in cybersecurity, has found the hack of the account on Amazon Web Services, the cloud services platform. It turned out that the account’s owner was Tesla. But the researches were not the first to find it.
Hackers broke the account with the help of Google's Kubernetes console, open source software for automating deployment, scaling and management of containerized applications. The Tesla account on Kubernetes was lacked password protection.
However, the hackers needed the Tesla account not for data theft, but for the power for cryptomining. They hid their tracks using the Cloudflare service.
RedLock immediately notified Tesla about the hijack and quickly removed the vulnerability. According to the representative of Tesla, there were no signs of leak of customer privacy or car safety data. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way,” the Tesla’s spokesperson said.
According to RedLock estimation, 58% of organizations using public cloud services such as Microsoft Azure or Google Cloud walk on thin ice and in fact remain open to attacks.
Redlock’s CTO, Gaurav Kumar, said: “The recent rise of cryptocurrencies is making it far more lucrative for cybercriminals to steal organizations’ compute power rather than their data.”