Tesla’s Amazon Web Services (AWS) cloud account has been compromised by hackers and used for cryptocurrency mining, according to cyber security specialist RedLock.

It said other major firms were affected by similar problems and the incident marks another case of what is known as “cryptojacking.”

Go deeper with GlobalData

Data Insights

The gold standard of business intelligence.

Find out more

Discover B2B Marketing That Performs

Combine business intelligence and editorial excellence to reach engaged professionals across 36 leading media platforms.

Find out more

Tesla said that it did not see any initial impact on customer data protection or the safety and security of its vehicles.

RedLock said the hackers not only gained unauthorized access to non-public Tesla data, but were also stealing compute resources within Tesla’s Amazon Web Services (AWS) environment for cryptojacking. The researchers immediately informed Tesla of its findings, and the vulnerabilities have already been addressed, RedLock said.

The Tesla findings build on research from last year, when a RedLock team found that hundreds of Kubernetes administration consoles were accessible over the internet without password protection, and were leaking credentials to other critical applications. In Tesla’s case, the cyber thieves gained access to Tesla’s Kubernetes administrative console, which exposed access credentials to Tesla’s AWS environment. Those credentials provided unfettered access to non-public Tesla information stored in Amazon Simple Storage Service (S3) buckets.

In addition, the cyber thieves performed cryptojacking using Tesla’s cloud compute resources and employed specific techniques to evade detection. For example, instead of the more familiar public ‘mining pool,’ they installed mining pool software and configured the malicious script to connect to an ‘unlisted’ endpoint. That, RedLock maintains, makes it harder for standard IP/domain-based threat intelligence feeds to detect malicious activity.

GlobalData Strategic Intelligence

US Tariffs are shifting - will you react or anticipate?

Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.

By GlobalData

Other tricks included hiding the true IP address of the mining pool server behind CloudFlare, and likely keeping CPU usage low to further evade detection.

More details from RedLock about the Tesla incident.

Just Auto Excellence Awards - The Benefits of Entering

Gain the recognition you deserve! The Just Auto Excellence Awards celebrate innovation, leadership, and impact. By entering, you showcase your achievements, elevate your industry profile, and position yourself among top leaders driving automotive industry advancements. Don’t miss your chance to stand out—submit your entry today!

Nominate Now