Threat actors have claimed to have uploaded data pertaining to Tesla electric vehicle (EV) charging stations.
The incident was claimed by CyberN-----s members IntelBroker and EnergyWeaponUser, who originally said it was a Tesla EV charging station database containing files that belonged to Tesla.
However, thanks to a tipoff by researcher DarkWebInformer and IntCyberDigest, the threat actors amended the listing to say it was a “random 3rd party company which was hosting and holding their information” that owns the data and was breached.
🚨🇺🇸IntelBroker and EnergyWeaponUser Have Claimed to have Leaked Tesla EV Charging Station https://t.co/zbi1FfAjnE
— Dark Web Informer (@DarkWebInformer) November 19, 2024
IntelBroker wrote that the data affected those in the Middle East and the United Arab Emirates (UAE) and that there were 116,000 rows of data, including full names, locations, payment information, car make and model and car VIN numbers.
However, in the data sample posted by the threat actors, the data largely pertained to people in the United States territory of Puerto Rico.
Additionally, as pointed out by researchers at CyberNews, Tesla only tracks data relating to its vehicles and stations, while the sample lists cars from Audi, Porsche, Volvo and Tesla.
Speaking with IntCyberDigest before discovering the data did not belong to Tesla, IntelBroker said that “it was really bizarre how we found [the data].”
The threat actor said he used hard-coded credentials to traverse a number of systems before stumbling upon four Azure storage buckets containing .xlsx files with customer data. They then “just sorted from the largest to the smallest and downloaded them”.
IntCyberDigest then revealed that the data appeared not to come from Tesla but instead from a firm called Numocity, a manufacturer of EV charging software, middleware, smart charges and more.
Numocity has yet to publicly acknowledge the incident, as have Tesla and its CEO, Elon Musk.
Last year, Tesla blamed two former employees for a data breach that affected 75,000 of its staff.
In a notice filed with the Maine Attorney-General on 18 August 2023 and issued to Tesla staff, the company announced that two ex-employees were to blame for the data breach that occurred in May, resulting in the personal information of 75,735 individuals being compromised.
The breach was first outed by Handelsblatt, a German publication, which announced that 100 gigabytes worth of data had been stolen and leaked by a “disgruntled former employee” who utilised their position as a service technician to access the data.
Handelsblatt told Tesla that the data included identifiable information, including names, addresses, phone numbers and Social Security numbers. This data included Elon Musk’s own Social Security number, according to the publication.
Other data included private email addresses, employees’ salaries, customer bank details and confidential information regarding Tesla production.