On Saturday, the website and Twitter account of electric vehicle maker Tesla were briefly compromised, as was CEO Elon Musk’s Twitter account. The website was defaced after the DNS for TeslaMotors.com was redirected to another server hosting an image with various messages and the faces of a few people.
The DNS may have been compromised through a phishing attack, as is usually the case; however, Tesla has not provided any information regarding the compromise, so that is speculation at this point.
Since the attackers controlled DNS, they could then set up a temporary email server to reset passwords for the Twitter accounts, which indicates that Tesla likely did not have two-factor authentication enabled on the main corporate account or Elon Musk’s personal account.
The attacker sent an email from the media relations address, revealing that at least one email account was compromised or redirected.
Tweets sent during the account takeover listed a phone number for a free Tesla, as well as shout-outs to various Twitter accounts.
Although there is currently no indication that the security incident escalated further than site defacement and Twitter account takeover, there is valid concern regarding the security of the Tesla API used by the Tesla App in their vehicles.
For example, the API for the in-vehicle app makes calls to https://owner-api.teslamotors.com. Although that endpoint is secured, a DNS hijack can cause a substantial disruption of service for the in-vehicle application(s). The bulk of Tesla’s sales also occurs through their website, so it will be interesting to see if this recent breach has an impact on sales/confidence.
After three hours, it appears Tesla was able to regain control of the domain and the affected Twitter accounts.
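The record types involved in the takeover described above (NS for the delegation, MX for the password-reset mail, A for the website and the owner-api host) can be monitored by comparing resolver answers against a pinned baseline. The following is an added example, not part of the original article or any Tesla tooling; `find_drift`, the baseline and every record value are hypothetical, constructed placeholders.

```python
# Hostnames are the ones the article names; every record value is a constructed
# placeholder (RFC 5737 addresses, .example names), not Tesla's real DNS data.
BASELINE = {
    ("teslamotors.com", "NS"): ["ns1.dns-provider.example.", "ns2.dns-provider.example."],
    ("teslamotors.com", "A"): ["192.0.2.10"],
    ("teslamotors.com", "MX"): ["10 mail.teslamotors.com."],
    ("owner-api.teslamotors.com", "A"): ["192.0.2.20"],
}
# What each kind of change means for the incident described in the article.
IMPACT = {
    "NS": "delegation changed: every record in the zone is under new control",
    "MX": "inbound mail rerouted: password-reset emails can be intercepted",
    "A": "host repointed or gone: defacement or disruption for clients of this name",
}
PRIORITY = ["NS", "MX", "A"]  # triage order, most far-reaching first


def normalize(rtype, value):
    """Canonical form: lowercase, no trailing dot, MX preference dropped."""
    value = value.strip().lower()
    if rtype == "MX" and value:
        value = value.split()[-1]  # "10 mail.example." -> "mail.example."
    return value.rstrip(".")


def find_drift(baseline, observed):
    """Report every (name, type) whose observed record set differs from baseline."""
    findings = []
    for (name, rtype), expected in baseline.items():
        want = {normalize(rtype, v) for v in expected}
        # A name that no longer resolves is treated as an empty record set.
        got = {normalize(rtype, v) for v in observed.get((name, rtype), [])}
        if want != got:
            findings.append({
                "name": name, "type": rtype, "impact": IMPACT[rtype],
                "unexpected": sorted(got - want), "missing": sorted(want - got),
            })
    return sorted(findings, key=lambda f: (PRIORITY.index(f["type"]), f["name"]))


# Constructed resolver answers during a hijack; owner-api no longer resolves.
HIJACKED = {
    ("teslamotors.com", "NS"): ["ns1.unknown-host.example."],
    ("teslamotors.com", "A"): ["203.0.113.66"],
    ("teslamotors.com", "MX"): ["5 mx.unknown-host.example."],
}

if __name__ == "__main__":
    for f in find_drift(BASELINE, HIJACKED):
        print(f"[{f['type']}] {f['name']}: +{f['unexpected']} -{f['missing']} ({f['impact']})")
```

In practice the observed snapshot would come from querying several independent resolvers on a schedule, with an MX or NS finding paged immediately because it precedes account takeover through password-reset mail.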