Tesla had thrown away computers without wiping them which left some customer accounts compromised.
With the Tesla Autopilot computer upgrade and a recently announced MCU2 upgrade on top of regular replacements for performance issues, Tesla changed a lot of computers in its vehicles.
It contained sensitive information, like Google or Spotify usernames and passwords.
These passwords were not encrypted.
Source: https://electrek.co/2020/05/03/tesla-computers-thrown-away-wiping-compromising-accounts/
TPRM report: https://scoringcyber.rankiteo.com/company/tesla-motors
"id": "tes2223291222",
"linkid": "tesla-motors",
"type": "Data Leak",
"date": "05/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Automotive',
'name': 'Tesla',
'type': 'Company'}],
'attack_vector': 'Improper Disposal of Computers',
'data_breach': {'data_encryption': 'No',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Google usernames and passwords',
'Spotify usernames and '
'passwords']},
'description': 'Tesla had thrown away computers without wiping them which '
'left some customer accounts compromised. With the Tesla '
'Autopilot computer upgrade and a recently announced MCU2 '
'upgrade on top of regular replacements for performance '
'issues, Tesla changed a lot of computers in its vehicles. It '
'contained sensitive information, like Google or Spotify '
'usernames and passwords. These passwords were not encrypted.',
'impact': {'data_compromised': ['Google usernames and passwords',
'Spotify usernames and passwords'],
'systems_affected': ['Autopilot computers', 'MCU2 computers']},
'title': 'Tesla Data Breach Due to Improper Disposal of Computers',
'type': 'Data Breach',
'vulnerability_exploited': 'Lack of Data Wiping and Encryption'}