Digital Privacy Industry News

Tesla Data Leak: Pre-Owned Vehicle Infotainment Components Store Owners’ Personal Details and Passwords

According to white hat hacker GreenTheOnly, Tesla forgot to wipe personal information of customers from previously used infotainment and Autopilot hardware.The discovery came about after Green found and purchased four pre-owned Tesla components from Ebay.

“Bad news Sunday. If you had infotainment computer in your Tesla replaced (model3 FSD upgrade, mcu2 retrofit, mcu1 emmc fix or any other fixe requiring computer swap) – consider all accounts you logged into from the car compromised and change pwds,” said Green in a Twitter post on May 3.

While normal vehicle infotainment systems can store phone numbers, audio media and addresses, Tesla components also enable access to video- and audio-streaming platforms such as Netflix and Spotify.

You can also check if your private data has been exposed online! Use Bitdefender’s Digital Identity Protection tool to see where you stand at the moment and what the internet knows about you.

In some of the systems, the researcher found Netflix session cookies that could be used to gain access to the owner’s account, while others included stored Gmail cookies, WiFi passwords and Spotify passwords in plain text.

“In particular if you log into spotify – the password is stored in plain text. gmail and netflix are stored as a cookie but still give a potential attacker access. The of course all recent calendar events and your phone book and calls history too,” Green added.

The company says upgrading a car’s hardware to gain access to new features and upgrades is performed in Tesla service centers, and owners can also request the transfer of their personal data and preferences to the new installations.

While service centers should destroy any pre-owned hardware, or at least wipe existing personal information, it is unclear how the hardware found its way onto the Ebay marketplace.

Green also notified Tesla representatives of his findings.However, the company failed to notify affected customers, and has yet to release an official statement.

Tesla owners that wish to sell their vehicles are advised to manually wipe the data from their infotainment systems, and should they opt for upgrading their car with new fittings, they should make sure that the service center properly disposes of the hardware and deleted any existing information.

About the author

Alina Bizga

Alina has been a part of the Bitdefender family for some years now, as her past role involved interfacing with end users and partners, advocating Bitdefender technologies and solutions. She is a history buff and passionate about cybersecurity and anything sci-fi. Her spare time is usually split between her two feline friends and traveling.