Tesla’s Cloud Was Hacked for Mining Cryptocurrency

Electric vehicle maker Tesla Inc. (TSLA) has become the latest company to be hacked by cryptocurrency miners.           

In a blog post, cybersecurity software firm RedLock claimed that Tesla’s Amazon Web Services (AWS) cloud account had been illegally accessed to mine digital coins. The attack reportedly led to some of the Palo Alto, California-based company’s proprietary data, including mapping, telemetry and vehicle servicing, being compromised.

A Tesla spokesperson told Gizmodo that customer information wasn’t infiltrated during the incident. "We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” the spokesperson said. "The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."

RedLock found out about the hack last month after discovering an IT administrative console without password protection. The cybersecurity firm’s researchers said the hackers broke into a Kubernetes console, a Google-designed software application, and then ran scripts from it in order to mine digital coins at Tesla’s expense.

RedLock added that it was impossible to establish who was behind the attack and how much cryptocurrency was mined.

RedLock, which specializes in monitoring Microsoft Azure, Google Cloud Platform and AWS for cloud security and compliance risks, claimed that it came across Tesla’s breach by chance. According to Fortune, the firm was paid a reward of over $3,000 as part of Tesla’s bug bounty program.

Tesla isn’t the first company's cloud to be hacked by cryptocurrency miners. Several businesses and government agencies have fallen victim to cryptojacking attacks over the past year as thieves look for ways to generate virtual currencies such as bitcoin. (See also: Sites Are Using Your Browser to Mine Crypto. It Could Be a Good Thing.)

"Given the immaturity of cloud security programs today, we anticipate this type of cybercrime to increase in scale and velocity," RedLock CTO Gaurav Kumar said in a statement to Business Insider. (See also: Salon Wants to Use Your Computer for Cryptocurrency Mining.)