I received an odd email from Tesla showing that a purchase for a wall charger was made from my account. I did not order it and haven't logged into my Tesla account in well over 2 years. I confirmed with my credit card company that the order and charge was placed; so I told them it was fraud and that the shipping/billing address did not match my own. I tried to contact Tesla and got an auto-reply email that they will get back to me within 3-5 business days. Finally, I was able to contact UPS and have the package re-routed back to Tesla so the thief doesn't get the wall charger.
After logging back into my Tesla account, I enabled 2 Factor Authentication and reset my password. While 2FA still isn't 100% safe(hackers can still clone phone and device IDs), it's sure better than nothing. I don't think 2FA was available the previous time I logged in, but it's available now and I recommend you do so. I'm just glad the unauthorized user didn't play with the vehicle controls like blast the volume, running out my battery via HVAC/seat heaters, honking randomly, or opening my sunroof or trunk while it was raining. No other accounts of mine were breached and I'm assuming there might be an issue with Tesla's security. For instance, I'm not sure if there's an account lockout after X number of failed attempts or via an unusual IP address or if there's some sort of notification that an attempt was made. If not, it's not hard at all to create a bot to get through.
I'm not sure if the thief tried to send the wall charger to their own address, if the person at the address is at all connected to the thief, or if they planned to play porch-pirate, but they sent it to a New Jersey residence near a college. I'm assuming it's a college student trying to play hacker.
After logging back into my Tesla account, I enabled 2 Factor Authentication and reset my password. While 2FA still isn't 100% safe(hackers can still clone phone and device IDs), it's sure better than nothing. I don't think 2FA was available the previous time I logged in, but it's available now and I recommend you do so. I'm just glad the unauthorized user didn't play with the vehicle controls like blast the volume, running out my battery via HVAC/seat heaters, honking randomly, or opening my sunroof or trunk while it was raining. No other accounts of mine were breached and I'm assuming there might be an issue with Tesla's security. For instance, I'm not sure if there's an account lockout after X number of failed attempts or via an unusual IP address or if there's some sort of notification that an attempt was made. If not, it's not hard at all to create a bot to get through.
I'm not sure if the thief tried to send the wall charger to their own address, if the person at the address is at all connected to the thief, or if they planned to play porch-pirate, but they sent it to a New Jersey residence near a college. I'm assuming it's a college student trying to play hacker.