Tesla Accidentally Gave A Customer Full Control Of Its Forum

Indira Datta - Nov 21, 2018


Tesla's IT department accidentally gave a customer full control of its forum.

Tesla's forum recently suffered an ironic information technology incident.

A customer who was complaining to the company about a delay in the delivery of his car had trouble publishing his post and contacted Tesla support for help. Instead of helping him with that particular post, IT staff gave him control of the site. Tesla's forum currently has 1.5 million members, and the customer had permission to control it, including editing and deleting posts and viewing other users' information.

A spokesman for Tesla stated that the company's IT staff had inadvertently granted a customer elevated privileges on the Tesla forum. The company quickly revoked the access and adjusted the customer's privileges.

The customer in the story above is Daniel Eleff, the chief executive of the DansDeals.com travel website. According to Dan's account, while he was editing a post complaining about the delivery of the car he had bought, he ran into a problem and lost the thread. It turned out that he did not have an "owners" account, so he was not allowed to post more than one thread in a day. Dan contacted the company's customer service department to help him solve the problem.

In his blog post, Dan recalled that after failing to edit the complaint post, he contacted Tesla for support, asking them to list him as an owner on the company's forum. The agent who took his call had no idea what the "forums" were. He explained to her that they were on the Tesla.com site; however, there was no link to the forums on Tesla's website. He told her to type in forums.tesla.com, and the agent promised to tell the IT department about his request.

And the IT department gave Dan exactly what he asked for, or at least, what they thought he asked for.

Dan said he could access the information of nearly 1.5 million accounts on this forum. He could also look up specific names he wanted to find, such as friends and neighbors who use Tesla. Furthermore, he claimed he had seen Elon Musk's account, which had not been logged in to for over three years.

When Dan tried to post and then unpublish his post, he accidentally erased thousands of other threads.

[Image: how the forum normally looks to users]

Dan also said he found many personal email addresses, rather than company addresses, linked to high-authority accounts on the forum. Tesla explained that these were the emails of former employees and that those accounts had been downgraded and disqualified.

Tesla suggested that Dan report this issue through its Bug Bounty program. Dan said his report was still being processed.

Tesla has stated that the Bug Bounty program was specifically designed to encourage users to come forward and report bugs so that researchers and IT staff can study and fix the problem. This also contributes to the development of the network security community.
