Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

help tesla account hacked

This site may earn commission on affiliate links.
So here is an Update.

I still had access on my mobile app and luckily the order history in there had the invoice for the fraudulent wall charger which had the email listed. They used the same email but "protonmail.com" as the domain. They kept the same password. I was then able to login and regain my account. The address listed on the invoice was 1300 Virgil Street, Las Vegas NV. I did a records search and found the address registered to Ramon Nungaray

View attachment 800433
So time for a Vegas road trip? Good thing that "what happens in vegas, stays in vegas," eh? ;)

Glad you got it worked out.
 
Very sorry to hear this.

Just out of curiosity, did you have dual factor autherntication activated before this happened?
I am asking because on The Verge they were talking about cloned SIM cards from
cellular store workers operating with gangs for extra income, allowing them to mirror your phone
and figure out the code generator.
 
Very sorry to hear this.

Just out of curiosity, did you have dual factor autherntication activated before this happened?
I am asking because on The Verge they were talking about cloned SIM cards from
cellular store workers operating with gangs for extra income, allowing them to mirror your phone
and figure out the code generator.

I did not. 2FA would have prevented this I think. I never enabled it because I had no idea Tesla would allow someone to change your account email without any verification or notification. Let alone order products from the shop without entering a credit card number and using the wrong billing address. Most companies even with cards on file or saved will make you at the very least enter the 3 digit security code.
 
I hate that this happened to you and I hope you are able to get it as well as any money back but I have a legit question. How do so many people have free supercharger miles ? I think that before you could get free miles with people using your link to order their car which mostly helped youtubers but how do regular people get them?

I have a 2017 S. When I bought it if you used a referall code you got free supercharging for life, but not linked to the car. So it won't transfer if I ever sell the car.
 
I have a 2017 S. When I bought it if you used a referall code you got free supercharging for life, but not linked to the car. So it won't transfer if I ever sell the car.
That's insane, I which they had any promotions right now. The sad thing is that once the demand dies down a little bit they will probably start offering promotions to new customers but existing ones don't get them.
 
I did not. 2FA would have prevented this I think. I never enabled it because I had no idea Tesla would allow someone to change your account email without any verification or notification. Let alone order products from the shop without entering a credit card number and using the wrong billing address. Most companies even with cards on file or saved will make you at the very least enter the 3 digit security code.
So would using a password manager and not reusing passowrds.
 
Bring this thread back up because my Tesla account has been hacked as well. I switched to 2FA (it didn't exist when I last logged in). Dude bought a wall charger yesterday and left on one the cart. I emailed Tesla, but got the auto-response of...we'll get back to you 3-5 business days. I'm able to track the package via UPS and redirect the delivery if I sign up for a UPS account. I contacted my credit card company to report the fraud and to get a new credit card just in case. Like the OP, the billing address for Tesla did not match the billing address on the CC. Yes, the recipient's address many not be the same as the fraudster so I'm not going post their address in NJ. Had this been done through the US Postal Service, I would alert my brother-in-law who is a postal inspector to see if their local guy would want to set up a sting at the address.

So if you haven't already set up 2FA, I highly recommend that you do so now.

edit: I called UPS and they will reroute the package back to Tesla.
 
Last edited:
Did you cancel the order?

Can I edit or cancel my order?
We try to ship orders as soon as possible. However, if the order is not yet actioned by our distribution center, it may be possible to cancel the order. To verify eligibility for cancellation, please visit the Order History section of your Tesla Account. From there, select the order containing the item you wish to cancel. If the item(s) are eligible for cancellation, the option will be presented beneath the order total. If the order is being processed by our distribution center or has already shipped, but the item is still eligible for return, then the option to initiate a return will be shown instead. If the item(s) are ineligible for cancellation or return, then neither option will be shown.
 
Bring this thread back up because my Tesla account has been hacked as well. I switched to 2FA (it didn't exist when I last logged in). Dude bought a wall charger yesterday and left on one the cart. I emailed Tesla, but got the auto-response of...we'll get back to you 3-5 business days. I'm able to track the package via UPS and redirect the delivery if I sign up for a UPS account. I contacted my credit card company to report the fraud and to get a new credit card just in case. Like the OP, the billing address for Tesla did not match the billing address on the CC. Yes, the recipient's address many not be the same as the fraudster so I'm not going post their address in NJ. Had this been done through the US Postal Service, I would alert my brother-in-law who is a postal inspector to see if their local guy would want to set up a sting at the address.

So if you haven't already set up 2FA, I highly recommend that you do so now.

edit: I called UPS and they will reroute the package back to Tesla.

Were you able to access your tesla account? If you still access via the app you can see the email they used on the receipt. I imagine they changed your tesla account email
 
Were you able to access your tesla account? If you still access via the app you can see the email they used on the receipt. I imagine they changed your tesla account email
They did not. I don't think their goal was to hijack my account, but to score a free wall charger. The fact that the shipping address was next to a college in New Jersey makes me think this was done by a college student. I've since switched to 2 factor authentication through Tesla and changed my old weak but unique password with a new lengthy passcode. I've never knowingly had an account breached before and now I'm stepping up security for all my accounts that have my personal information and/or financial information.
 
Tesla is not known for shipping orders next business day. It usually takes at least 3 days. You will receive a confirmation email the same day of the order, as you did. Go in and cancel the order as I said above. No free wall charger and no issue except securing your account.
 
Resurrecting this thread so others will learn from this. Our account was hacked this week and much of the same was similar to the stories here:

1. They never changed the password on the account, BUT...I was distracted by the fact that they subscribed my to hundreds of newsletters from all over the globe.
2. When I got the 'changed email address' notice on my actual email account, I immediately tried to log in and when I couldn't, I drove directly to the Tesla service center where they submitted a ticket that they said could take up to 72 hours to resolve. They did this because the only way to submit a ticket is through your Tesla account, which I didn't have access to.
3. Just know that you should try your old password with the new email address just in case they used a dummy email that they cannot use to check for password change links.
4. They ordered two wall chargers. By the time I regained access to my account, they already showed shipped (about 3 days). I clicked return on both and was emailed a return shipping label, which includes the address they will be delivered to. In this case, Yuma, AZ. I locked the credit card on file too late, but we're talking about maybe <2 hours from hack to lock.
5. My key card still worked and my wife's phone and key card still worked the entire time.

Questions:
- Why doesn't Tesla require confirmation for an email change like they do password changes?
- Why didn't I immediately setup MFA (this is the better question)? SET UP MFA as soon as possible!
- For those who found where the items ordered would be delivered, did you file a police report in that city?
 
  • Like
Reactions: viper2ko
Questions:
- Why doesn't Tesla require confirmation for an email change like they do password changes?
- Why didn't I immediately setup MFA (this is the better question)? SET UP MFA as soon as possible!
- For those who found where the items ordered would be delivered, did you file a police report in that city?

Glad you figured this out and addressed the issue. As for MFA, I don't think it existed for Tesla accounts until sometime in 2020. So most owners/users prior to 2020 probably aren't aware of it since it's setup off the Tesla account website and not the app (which is much more frequently used).
 
  • Like
Reactions: derriX