There I was looking through some Twitter feeds when I noticed that Tesla Motors was giving away Teslas if you called a phone number. "Amazing!" I thought. That a company as big as Tesla can get their Twitter accounts hacked. A verified Twitter account with over half a million followers, and now it was at the mercy of someone else. At least it was, for about 20 minutes, before the problem was resolved.
For 20 full minutes, however, random Twitter shoutouts were being Tweeted out, and all by another apparent Twitter user. Except that it wasn't that user doing the work. It was someone else. Who that is, I don't know, and I'm assuming we might never know. But it got me thinking about web security once again. We all see Tesla as a company in the upper echelons of technology. They make rockets, futuristic cars and soon maybe even batteries to power your home. But even they fall to the same shortcomings as any other company. Even they sometimes leave passwords to social media sites lying around on a piece of paper maybe. Even they sometimes leave vulnerabilities on their websites unknowingly.
To top things off, at the exact time that someone was spamming a Twitter user with requests for free cars, Tesla's official website TeslaMotors.com was also being hacked. The homepage was changed to something else. What looked to be a rushed Photoshop job of a Tesla Model S and pictures of some individuals. Even more amazing, I thought. It's one thing to get your hands on a Twitter user's password, possibly because they were negligent in where they kept it, but it's a whole new game when their servers get compromised. That's not exactly an easy task, unless you know where to look and have the right keys of course. Which I'm assuming is what happened.
Since I don't work at Tesla, I can only assume that someone got a hold of passwords that the company is currently using. It happens. I've worked at companies where server credentials were accidentally left on the page in a comment or where changing passwords were emailed out weekly to employees. One wrong forward to a misspelled email and there goes that. Or one pissed-off employee with that same list, a list that rarely changes, and once again you're leaving yourself open.
I'm hoping that Tesla Motors does more than just bandage the problem. That hopefully their security protocols change, and that Twitter account credentials aren't just left strewn about for the next social media manager. Because if a company as advanced as Tesla can fall, what hope is there for everyone else?