scorecard
  1. Home
  2. Transportation
  3. Tesla accidentally gave a customer access to the email addresses linked to over 1.5 million accounts on its online forum

Tesla accidentally gave a customer access to the email addresses linked to over 1.5 million accounts on its online forum

Mark Matousek   

Tesla accidentally gave a customer access to the email addresses linked to over 1.5 million accounts on its online forum
Transportation2 min read

Elon Musk

Chris Carlson / Associated Press

Tesla CEO Elon Musk.

  • A Tesla customer accidentally received administrative access to the automaker's online forums, allowing him to see contact information for some Tesla owners, the customer says.
  • Eleff wrote that his was not the only account without a Tesla employee email address to have administrative access to the forums, potentially giving non-employees access to some owners' contact information.
  • "We have no reason to believe that there was any abuse of accounts or content on our forums, and we have taken steps to ensure this does not happen again," a Tesla representative said.

A Tesla customer accidentally received administrative access to the automaker's online forums, allowing him to see contact information for over 1.5 million accounts, the customer says.

Daniel Eleff, who runs the shopping advice website DansDeals, published an account of the incident on the site. Eleff said he had ordered a Tesla Model 3 sedan and, after having difficulties communicating with the automaker's customer service department, wrote about his experience on Tesla's online forums.

Read more: Tesla just had the worst year in its history, but now it's starting to look like the best tech company in the world

Eleff wrote that he later found his post had been deleted and called customer service after he was unable to re-submit the post. After the call, Eleff was given administrative control over the forums, which allowed him to view the contact information for over 1.5 million accounts, he wrote. Eleff wrote that his account was not the only account without a Tesla employee email address to have administrative access to the forums, potentially giving non-employees access to contact information for some owners.

"There are random people and ex-employees who can hijack Tesla's website and view the contact information of all of their customers," Eleff wrote. "It seems crazy to me that a technologically advanced company like Tesla can have such a gaping security hole."

"The customer was inadvertently granted a higher level of permissions than he should have had to the Tesla forum, which is not connected to our vehicles, main website, or other digital channels," a Tesla representative said. "We revoked the access as soon as it was reported, and made other changes to adjust privileges accordingly following a full audit. We have no reason to believe that there was any abuse of accounts or content on our forums, and we have taken steps to ensure this does not happen again."

The representative added that some former Tesla employees had maintained administrative privileges on the forum after they had left the automaker, but Tesla did not find any evidence that any former employees had misused their administrative status. Tesla removed administrative access rights from the accounts of former employees and took measures to prevent former employees from keeping administrative access in the future, the representative added.

Have a Tesla news tip? Contact this reporter at mmatousek@businessinsider.com.

Get the latest Tesla stock price here.

READ MORE ARTICLES ON


Advertisement

Advertisement