+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Tesla accidentally gave a customer access to the email addresses linked to over 1.5 million accounts on its online forum

Nov 20, 2018, 01:11 IST

Chris Carlson / Associated Press

Advertisement
  • A Tesla customer accidentally received administrative access to the automaker's online forums, allowing him to see contact information for some Tesla owners, the customer says.
  • Eleff wrote that his was not the only account without a Tesla employee email address to have administrative access to the forums, potentially giving non-employees access to some owners' contact information.
  • "We have no reason to believe that there was any abuse of accounts or content on our forums, and we have taken steps to ensure this does not happen again," a Tesla representative said.

A Tesla customer accidentally received administrative access to the automaker's online forums, allowing him to see contact information for over 1.5 million accounts, the customer says.

Daniel Eleff, who runs the shopping advice website DansDeals, published an account of the incident on the site. Eleff said he had ordered a Tesla Model 3 sedan and, after having difficulties communicating with the automaker's customer service department, wrote about his experience on Tesla's online forums.

Read more: Tesla just had the worst year in its history, but now it's starting to look like the best tech company in the world

Advertisement

Eleff wrote that he later found his post had been deleted and called customer service after he was unable to re-submit the post. After the call, Eleff was given administrative control over the forums, which allowed him to view the contact information for over 1.5 million accounts, he wrote. Eleff wrote that his account was not the only account without a Tesla employee email address to have administrative access to the forums, potentially giving non-employees access to contact information for some owners.

"There are random people and ex-employees who can hijack Tesla's website and view the contact information of all of their customers," Eleff wrote. "It seems crazy to me that a technologically advanced company like Tesla can have such a gaping security hole."

"The customer was inadvertently granted a higher level of permissions than he should have had to the Tesla forum, which is not connected to our vehicles, main website, or other digital channels," a Tesla representative said. "We revoked the access as soon as it was reported, and made other changes to adjust privileges accordingly following a full audit. We have no reason to believe that there was any abuse of accounts or content on our forums, and we have taken steps to ensure this does not happen again."

The representative added that some former Tesla employees had maintained administrative privileges on the forum after they had left the automaker, but Tesla did not find any evidence that any former employees had misused their administrative status. Tesla removed administrative access rights from the accounts of former employees and took measures to prevent former employees from keeping administrative access in the future, the representative added.

Have a Tesla news tip? Contact this reporter at mmatousek@businessinsider.com.

Advertisement

NOW WATCH: This LEGO Bugatti Chiron is drivable - here's what it can do

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article