Hackers used Tesla public cloud account to mine Bitcoin

Hackers gained access to Tesla’s AWS cloud account in order to mine cryptocurrency, researchers for RedLock have discovered.

The breach was found while researchers investigated how Tesla’s AWS credentials became open to the public internet, reports The Verge.

A Tesla spokesperson said: “We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it.

“The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”

RedLock has warned that around 58 per cent of firms using public cloud services such as AWS, Microsoft Azure or Google Cloud have at least one publicly exposed, leaving them vulnerable to this kind of cryptojacking.

RedLock CTO Gaurav Kumar told Gizmodo: “The recent rise of cryptocurrencies is making it far more lucrative for cybercriminals to steal organizations’ compute power rather than their data. In particular, organizations’ public cloud environments are ideal targets due to the lack of effective cloud threat defense programs.

“In the past few months alone, we have uncovered a number of cryptojacking incidents including the one affecting Tesla.”