Tesla owner warning others after being locked out of car, account hacked
Posted August 23, 2023 8:45 am.
Since he bought his Tesla nearly four years ago, Usama Haider has been a big, unofficial promoter of the brand.
“It’s the best commuter car I’ve owned,” he said. “I would tell my family and friends about the benefits and some of them bought Teslas too.”
Not having to fill the tank with gas in the fully electric car is one benefit. But he also loves the technology.
“It does everything for you, it’s easy to use.”
But that convenience came at a cost recently. It started after he noticed a strange charge, from Tesla, on his credit card account.
“I then go into my Tesla account, through the app, and I am logged out of it.”
The Tesla app is used by owners to access the car and someone had changed Haider’s account details, including the email associated with it.
“Basically, through the app, you can do anything and everything through the car.”
As a backup, owners are given a key card which looks much like a credit card.
“If you’re logged out of the app you need to have that key card,” Haider said. “Unfortunately, in my case, my key card was inside the car so I was unable to unlock the car at all, I was locked out.”
But that wasn’t the only issue.
“This person put a charge on my Tesla account for $734,” he said, adding that the suspect ordered a charger.
According to several online forums, Haider isn’t alone. Other owners have complained about the same thing where accounts are hacked, chargers ordered, then sold online.
In Haider’s case, the suspect also changed the delivery address from his home to a house in Milton some 40 kilometres from his Brampton home.
CityNews went to the address, the homeowner – who asked not to be named – had no idea why his address was listed.
“I have not ordered any Tesla chargers,” he told us. He plans on calling the police, who are investigating that he’s not involved.
As for why his address was listed and who’s behind the hack, it remains unknown. But cyber experts are not surprised hacks like this are happening.
“This is a very common thing,” said Robert Falzon with Check Point Software Inc. based in Canada.
“I think the issues in this particular situation were really more related to cybersecurity practices in general.”
Falzon says Haider, and other Tesla owners, should set up multi-factor authentication which could have prevented the hack. It requires users to go through additional steps to access their accounts.
“This is really a cybersecurity issue related to authentication. Not so much specific to the vehicle itself,” Falzon said, noting as more vehicles move to app-based access, this won’t be a problem for just Tesla owners.
“We do have to pay more attention to what data and what sort of apps we have on our devices and how that’s protected.”
While it’s ultimately up to vehicle owners, Falzon says companies could be doing more to encourage added levels of security.
“Having something like two-factor or even multi-factor authentication turned on now is absolutely necessary, but we still don’t see a demand for organizations to move customers in that direction.”
Haider does not recall being told to set it up when he bought the car.
Tesla did not respond to our request for comment but the company’s website encourages owners to set up multi-factor authentication with detailed instructions on how to do so.
Haider’s bank reversed all charges and Tesla restored his access, which is now equipped with multi-factor authentication.
“I didn’t think it was going to be needed for something like Tesla but it turns out, I was wrong.”
If you have an issue story or question you’d like us to look into, reach out to us here.
