I watched this video (and I don't normally watch videos online from people who post here that say "look at my video").
To summarize what I saw:
1. The "compromised" state was brought about by phishing the user's credentials to generate a token.
2. Once credentials are stolen from the user, the person stealing the credentials can do everything that the user could do with those credentials, including unlocking the car, etc.
3. How to prevent: Use strong passwords / don't share passwords
Bonus: An advertisement for penetration testing from your company in the middle of the video.
Did I miss anything?
EDIT: One thing that is important to consider is that all the people who use Tesla credentials "somewhere else" like TeslaFi, stats, etc. all increase their risk of something like this, because those services could be compromised as well.
This was covered very well by one of our posters (@camalaio) in the following thread, which also goes into some detail around this topic (but in text form instead of watching a video).
PSA: Don't use third-party apps and services, period.