An unidentified hacker or hackers broke into a Tesla-owned Amazon cloud account and used it to “mine” cryptocurrency, security researchers said. The breach also exposed proprietary data for the electric carmaker.
The researchers, who worked for RedLock, a 3-year-old cybersecurity startup, said they discovered the intrusion last month while trying to determine which organization left credentials for an Amazon Web Services (AWS) account open to the public Internet. The owner of the account turned out to be Tesla, they said.
“We weren’t the first to get to it,” Varun Badhwar, CEO and cofounder of RedLock, told Fortune on a call. “Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment.”
The incident is the latest in a string of so-called cryptojacking attacks, which involve thieves hijacking unsuspecting victims’ computers to generate virtual currencies like Bitcoin. The schemes have seen a resurgence in popularity as cryptocurrency prices have soared over the past year.
Earlier this month, websites for the U.S. federal court system and the U.K.’s National Health Service roped their visitors into similar virtual money-minting operations.