Unidentified hackers have hijacked Tesla’s cloud account on Amazon Web Services to mine cryptocurrency, reports the internet security startup RedLock in a blog post.
The hackers got access to the account, which did not have password protection and installed a cryptocurrency mining software called Stratum.
The breach also exposed proprietary data for the electric carmaker, such as Tesla telemetry, mapping, and vehicle servicing data. According to the company, however, the data was that of test Tesla cars and did not affect any customers.
“The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way,” a Tesla spokesperson said, quoted by Fortune. According to the spokesperson, the issue was resolved fairly quickly
In its post RedLock noted that the hackers were smart enough to cover their traces pretty well, so it is not clear how long the mining was going on or what cryptocurrency was being mined. But, according to Varun Badhwar, CEO and cofounder of RedLock, the team did not poke their noses too much and alerted Tesla instead.
As a reward, RedLock got from Tesla $3,133.70—a reference to “1337,” hacker slang for “leet” or “elite”—for reporting their findings. The electric car company of Elon Musk has a bug bounty program and rewards those who report security breaches and software bugs. The max payout is $10 000.
The cryptojacking attacks have become more popular in the past months, with the rising prices of cryptocurrencies. Earlier this month UK’s National Health Service and government websites were infected with malicious code for mining of coins.