Tesla Amazon Cloud Account Hijacked to Mine Cryptocurrency

RedLock, a cybersecurity firm, says 58 percent of businesses expose their cloud services to the public. Eight percent of these are victims of a cryptojacking attack. In which Tesla’ Amazon cloud account was hijacked.

Advertisement Advertisement

Tesla, the company which is pioneering electric cars, was targeted in the cryptojacking attack. Hackers hijacked an administrative console of Tesla’s Amazon cloud account. They then installed crypto-mining scripts or software to mine cryptocurrency.

Tesla has since addressed the problem, according to one of their spokesman.

“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it.”

Additionally, he said the problem did not lead to a compromise of client privacy or vehicle safety or security. It was, instead, limited to internally used engineering test cars only.

Most of the cryptojacking efforts are mining Monero cryptocurrency. However, it is not clear what cryptocurrency these hackers were mining or the number of coins mined.

The hackers accessed “simple storage service” (S3) containing telemetry, mapping, and vehicle servicing data. This is according to RedLock, a cybersecurity firm that found out the problem.

The firm received $3,133.70 by Tesla as reward acquired from bounty program through which Tesla rewards hackers for finding flaws in their system.  The amount is a reference to  1337, an old hacker slang for the elite.

The hackers tried to hide their intentions by lowering CPU usage of the Stratum software they used to mine. They also protected their IP behind CloudFlare according to RedLock.

More businesses on cloud face cryptojacking

Meanwhile, RedLock says about  58% of companies expose their cloud services (at least one device) to the public. Eight percent of these have fallen to cryptojacking.

Tesla is not the only victim of cryptojacking in the recent past. Read about some more here. An example is government websites in Australia as well as an exploit on ads through YouTube.

Find us on Twitter and Telegram for more information on Cryptojacking.

Show More


David Kariuki is a journalist who has a wide range of experience reporting about modern technology solutions including cryptocurrencies. A graduate of Kenya's Moi University, he also writes for Hypergrid Business, Cryptomorrow, and Cleanleap, and has previously worked for Resources Quarterly and Construction Review magazines.

Related Articles

Back to top button