Tesla Insurance Quotes Hacked?

wiredinstructo · Sep 5, 2021

I'm posting here because I can't find any other way into Tesla to report this issue.

I have a new Model S and was browsing the website via Manage.
I saw the Insurance link. I'm with Farmers, but was curious, so I requested a quote.

Here's where it gets strange. The system has my VIN number associated with another driver. I see the following information about this driver:

His name
The State issuing his driver's license
His Driver's License Number
His Birth date
Street Address
City
Zip
State
Marital status
Driving experience

First thing I did was change the password on my account. I'm worried that if I can see this guy's info --- attached to my VIN, somebody else can see mine attached to who knows what?

This kind of data base error has to be dealt with, but it's Labor Day Sunday and no one is home at Tesla or Tesla insurance. I suggest everyone try getting a quote from Tesla Insurance and see if your VIN and DL info are wacked.

Does anyone know where I can file this information with TESLA?

whitex · Sep 5, 2021

Perhaps submit info to their security team via the bounty program? Not suggesting you will get any bounty, but at least a chance it will get reviewed by someone from the security team who can contact the appropriate insider.

Wol747 · Sep 5, 2021

Did you check you'd entered the VIN correctly? There's an awful lot of characters - easy to mistype one!

whitex · Sep 5, 2021

Wol747 said:
Did you check you'd entered the VIN correctly? There's an awful lot of characters - easy to mistype one!

Even if you type the wrong VIN, the system should not return PII (Personally Identifiable Information) on a VIN which is not linked to your account. In the EU doing so can get your company fined a pretty cent. Maybe in the USA nobody cares yet, though the OP is in California, which has some of the most progressive privacy protection laws. I bet the California government privacy watchdogs know how to contact Elon, or at least did before he moved to Texas.

wiredinstructo · Sep 6, 2021

Wol747 said:
Did you check you'd entered the VIN correctly? There's an awful lot of characters - easy to mistype one!

Yes, checked and rechecked. My VIN, his insurance credentials.

wiredinstructo · Sep 6, 2021

whitex said:
Perhaps submit info to their security team via the bounty program? Not suggesting you will get any bounty, but at least a chance it will get reviewed by someone from the security team who can contact the appropriate insider.

Can you direct me to the security team link? I've found a site called Bugcrowd that has a Tesla link. But I'm not sure if it's the right place.

wiredinstructo · Sep 6, 2021

whitex said:
Even if you type the wrong VIN, the system should not return PII (Personally Identifiable Information) on a VIN which is not linked to your account. In the EU doing so can get your company fined a pretty cent. Maybe in the USA nobody cares yet, though the OP is in California, which has some of the most progressive privacy protection laws. I bet the California government privacy watchdogs know how to contact Elon, or at least did before he moved to Texas.

Agreed, the US is security and privacy dumb. I'm not. That's why all my internal red flags are waving.

whitex · Sep 6, 2021

wiredinstructo said:
Can you direct me to the security team link? I've found a site called Bugcrowd that has a Tesla link. But I'm not sure if it's the right place.

I have not personally submitted any. I know they use bugcrowd for the payouts, but they also list a non-reward email on their security page. [email protected] . Perhaps worth a try?

wiredinstructo · Sep 7, 2021

whitex said:
Perhaps submit info to their security team via the bounty program? Not suggesting you will get any bounty, but at least a chance it will get reviewed by someone from the security team who can contact the appropriate insider.

The page

whitex said:
I have not personally submitted any. I know they use bugcrowd for the payouts, but they also list a non-reward email on their security page. [email protected] . Perhaps worth a try?

Yes! Thank you so much for the email address. Will do. Will also report back on the response.

eJonny · Sep 15, 2021

wiredinstructo said:
The page

Yes! Thank you so much for the email address. Will do. Will also report back on the response.

Tesla Insurance is a very different organization than Tesla Motors. The underwriter just seems to have some type of relationship with someone at Tesla Motors. They are not a very sophisticated or automated organization with a very spotty customer service record and failure to follow up on basic questions.

I'm very interested on how this goes for you.

For your information, I have had multiple negative experiences with Tesla Insurance including bounced claims checks, failures to follow up with me, and even failure to communicate to California DMV that I was properly insured by them (which resulted in a DMV letter to me advising the issue be resolved or my drivers license would be suspended).

Make sure you document everything. Good luck!

phanone · Sep 15, 2021

Holy moly...I just tried getting a quote for my vehicle and it shows up with another name/family with different driver's license info.....omg

Ostrichsak · Sep 16, 2021

eJonny said:
Tesla Insurance is a very different organization than Tesla Motors. The underwriter just seems to have some type of relationship with someone at Tesla Motors. They are not a very sophisticated or automated organization with a very spotty customer service record and failure to follow up on basic questions.

Wait, how is this "very different" since you basically described Tesla's model to the letter. Sounds like a match made in heaven!

Search

Tesla Insurance Quotes Hacked?

wiredinstructo

Member

whitex

Well-Known Member

Wol747

Active Member

whitex

Well-Known Member

wiredinstructo

Member

wiredinstructo

Member

wiredinstructo

Member

whitex

Well-Known Member

wiredinstructo

Member

eJonny

Member

phanone

Member

Ostrichsak

Well-Known Member

Similar threads