Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

Account Security Risk?

This site may earn commission on affiliate links.
V

voltronhb

Member
Aug 7, 2016
99
69
Orange County, CA
#1
I received an error on the Tesla mobile app stating “Sign-In Failed. There are no products linked to your Tesla account.” I have 2 Teslas and they were no longer there. After speaking to a Tesla representative, they made it aware that the name on the account was no longer under my name. They’re working on resolving it.

My concern is if someone else received access to my Tesla accounts, they would be able to know the location and access the car. I’m not sure if this was a mistake by Tesla or if someone maliciously tried accessing our accounts. Either way, this can be a security risk if Tesla doesn’t have proper controls in place to ensure accounts are protected.
 
  • Informative
Reactions: Bueno and Christine69420
#2
Agreed, from what I've experienced is the only way someone would be able to remove another persons name from your Tesla account would be to provide valid registration and a copy of their Licence to Tesla.

I would hope its only an issue in Tesla's side and is resolved.

Not to alarm you but: If someone else does have access to your account and you own an MDL S or X pin to start will only slow down the person as they would only have to login on the pin screen to bypass. If MDL 3 then they would just have to unlock and start via app. If they are smart enough to take your account and remove your name from it then I would assume they would know to disable mobile access which intern would not let Tesla know where the vehicle is (coming from news of others that have had stolen Tesla's). I would suggest keeping them in the garage until issue is resolved and use a stronger password when you get everything resolved. Use something like lastpass.com/password-generator .
 
  • Informative
Reactions: voltronhb
#3
Tesla was able to add the two vehicles back. I needed to provide a copy of my license and registration. This was a frightening experience but Tesla escalated and resolved it. They explained that someone logged into my Tesla account online and changed the ownership of the vehicles. After they changed the vehicle ownership, the 2 Teslas dropped off my account. I didn’t even know this was possible through the website.

I have a relatively complex password but I’m not surprised it may have been compromised. By having a Tesla account, I understand I’m trading convenience for this risk. If I was a hacker and compromised someone’s password, accessing the Tesla account would be on top of my list. I would get the person’s location, get access to their car and view any documents that were uploaded such as a driver’s license.

We really need multi factor authentication for our accounts and Tesla needs to hide/delete documents with PII that are longer needed such as the driver’s license.
 
Last edited:
  • Like
Reactions: Bueno and dusdev
#5
voltronhb said:
Tesla was able to add the two vehicles back. They explained that someone logged into my Tesla account online and changed the ownership of the vehicles. After they changed the vehicle ownership, the 2 Teslas dropped off my account. I didn’t even know this was possible through the website. This is a big vulnerability. If I was a hacker and compromised someone’s password, accessing the Tesla account would be on top of my list. I would get the person’s location, get access to their car and view any documents that were uploaded such as a driver’s license.

We really need multi factor authentication for our accounts and Tesla needs to hide/delete documents with PII that are longer needed such as the driver’s license.
Click to expand...


Not sure if this will help, but when I first considered getting a Tesla, I researched various security aspects of the car. One of the recommendations was to create a unique email that was "complicated/random" just for the account. This wouldn't stop someone who might snoop tesla's database, nor your computer or phone. But it would stop someone who might find other email accounts that you use regularly and depending on password strength, be able to get in that way. In so far as snooping goes, general perspective is that if you are using WiFi, you should use a VPN. Agree they need to offer 2FA as an option for website access.
 
  • Informative
Reactions: Bueno and voltronhb
You must log in or register to reply here.

Similar threads

M
national security risks posed by Chinese-made ‘smart cars’
Replies
14
Views
448
Electric Vehicles
oldsport
O
W
Important to remove totaled car (now in Ukraine) from Tesla account?
Replies
1
Views
314
Insurance
SucreTease
SucreTease
E
Tesla Mobile app: command failed on any actions
Replies
8
Views
669
Software: Firmware Updates, Features, Tesla App
Apoxer
A
R
The way of disable Youtube on Model X (not tested on other models)
Replies
2
Views
506
Model X: User Interface
Tiger
Tiger
V
Optiwatt questions
Replies
0
Views
302
My Garage
vishnumrao
V
Top
Back
Blog
New
Forum list
Marketplace
Menu