Over the weekend, Tesla Motors’ official website, its Twitter accounts for the U.S. and Europe, and the Twitter account of Tesla CEO Elon Musk were the victims of a malicious hack in which Tesla’s web traffic and email were redirected to a spoof website.
At the time, we surmised that Tesla Motors [NASDAQ:TSLA] had been the victim of a DNS redirect — where hackers had managed to access the records which tell other computers the 12-digit IP address of the Tesla servers — redirecting traffic destined for Tesla’s servers to a computer of the hackers’ choosing.
Today, Tesla has confirmed that’s exactly what happened. But the security flaw didn’t originate from Tesla: it originated from cellphone provider AT&T.
According to Tesla, someone called AT&T’s customer service pretending to be an employee of the Californian automaker. After convincing customer support that they were a legitimate Tesla employee, the hacker then asked AT&T to forward all of the calls to that cellphone to a new telephone number.
We’re guessing, although it isn’t stated, that the cellphone was used by Tesla as the main administrative contact for two-factor authentication services. With the mobile calls forwarded to a new number, the hackers would also be able to receive the two-factor authentication calls and text messages designed to protect against hackers resetting passwords on any Tesla-associated accounts.
With calls forwarded, the hackers then accessed the administrative account at Tesla’s web host, resetting the password and gaining access to Tesla’s email accounts as well as rerouting any traffic to their chosen spoof site in the process.
With access to email and the backup phone number, accessing Tesla’s various Twitter streams — and that of Tesla CEO Elon Musk — was an easy jump.
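A redirect of this kind is visible from the outside as a change in the answers a domain’s DNS gives, so one defensive control is to pin the records you own and alert when the live answers drift. The script below is an added example, not code from the original article or from Tesla; it compares an observed record set against a pinned baseline and grades the drift (a changed NS set is graded as critical because it means the delegation itself moved at the registrar, which is what an account takeover there produces; changed A or MX records mean web traffic or mail is being steered elsewhere). All domain names and addresses are constructed, and the only live lookup helper uses the standard library resolver.

```python
# Added example: compare a domain's observed DNS records against a pinned
# baseline and raise alerts when the answers drift. Not code from the
# original article; every domain and address below is constructed.
import socket
from dataclasses import dataclass

# Pinned "known good" answers an operator records for a domain they own.
# Constructed values; not Tesla's real records.
BASELINE = {
    "example-automaker.test": {
        "NS": {"ns1.registrar-good.test", "ns2.registrar-good.test"},
        "A": {"198.51.100.10", "198.51.100.11"},
        "MX": {"mail.example-automaker.test"},
    },
}

# How bad a change to each record type is. A changed NS set means the
# delegation itself moved, which is what a registrar-account takeover
# produces; changed A or MX records mean web traffic or mail (including
# password-reset links) is being steered somewhere else.
SEVERITY = {"NS": "critical", "A": "high", "MX": "high"}
RANK = {"critical": 3, "high": 2, "medium": 1, "none": 0}


@dataclass(frozen=True)
class Alert:
    domain: str
    rtype: str
    severity: str
    missing: frozenset     # pinned values that no longer appear
    unexpected: frozenset  # values that appear but were never pinned


def diff_records(domain, observed, baseline=BASELINE):
    """Return one Alert per record type whose observed answer set differs
    from the pinned baseline. `observed` maps record type -> iterable of
    values; a record type absent from `observed` counts as an empty answer."""
    if domain not in baseline:
        raise KeyError(f"no baseline pinned for {domain}")
    alerts = []
    for rtype, expected in baseline[domain].items():
        seen = set(observed.get(rtype, ()))
        missing = expected - seen
        unexpected = seen - expected
        if missing or unexpected:
            alerts.append(Alert(domain, rtype, SEVERITY.get(rtype, "medium"),
                                frozenset(missing), frozenset(unexpected)))
    return alerts


def worst_severity(alerts):
    """Highest severity among the alerts, or "none" when everything matches."""
    return max((a.severity for a in alerts), key=RANK.get, default="none")


def resolve_a_records(domain):
    """Live A-record lookup through the system resolver (needs network).
    Uses only the stdlib socket API; not used by the offline checks below."""
    return {info[4][0] for info in socket.getaddrinfo(domain, None, socket.AF_INET)}


# Constructed observations for two runs of the check.
OBSERVED_NORMAL = {
    "NS": ["ns1.registrar-good.test", "ns2.registrar-good.test"],
    "A": ["198.51.100.11", "198.51.100.10"],   # order does not matter
    "MX": ["mail.example-automaker.test"],
}
OBSERVED_REDIRECTED = {
    "NS": ["ns1.registrar-good.test", "ns2.registrar-good.test"],
    "A": ["203.0.113.5"],            # web traffic now lands elsewhere
    "MX": ["mail.attacker.test"],    # so does mail
}

if __name__ == "__main__":
    for label, obs in (("normal", OBSERVED_NORMAL), ("redirected", OBSERVED_REDIRECTED)):
        found = diff_records("example-automaker.test", obs)
        print(f"{label}: worst={worst_severity(found)}")
        for a in found:
            print(f"  {a.rtype}: missing={sorted(a.missing)} unexpected={sorted(a.unexpected)}")
```

In practice the observed sets would come from a scheduled query against the authoritative servers and a couple of public resolvers, with any alert graded high or critical paged to the on-call team; the baseline itself should live outside the registrar account, since an attacker who can reset that account can also edit anything stored behind it.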
Tesla’s Chief of Communications, Ricardo Reyes, provided us with the following official statement moments ago.
This case is under investigation; here’s what we know: Posing as a Tesla employee, somebody called AT&T customer support and had them forward calls to an illegitimate phone number. The impostor then contacted the domain registrar company that hosts teslamotors.com, Network Solutions. Using the forwarded number, the impostor added a bogus email address to the Tesla domain admin account. The impostor then reset the password of the domain admin account, routed most of the website traffic to a spoof website and temporarily gained access to Tesla’s and Elon’s Twitter accounts.
Some customers may have noticed temporary changes to www.teslamotors.com on their browsers or experienced difficulty when using our mobile app to access Model S. Both were due to teslamotors.com being re-routed.
Our corporate network, cars and customer database remained secure throughout the incident. We have restored everything back to normal. We are working with AT&T, Network Solutions, and federal authorities to further investigate and take all necessary actions to make sure this never happens again.
Fairly shortly after the attack, Tesla was able to regain control of the wayward Twitter accounts as well as undo the bogus email address and the other access changes the hackers had used to cause such havoc.
As always, when we have more on this story we’ll bring it to you, but for now it reminds us of one very simple thing.
A piece of armor is only as strong as its weakest link. Even if — as in this case — you’re not the one who made the weak link.