Tesla’s Remote Hacking History Contradicts Executive Testimony During a Senate Commerce Committee hearing on autonomous vehicles this week, Tesla Vice President of Vehicle Engineering Lars Moravy asserted that no one has ever remotely taken control of a Tesla vehicle. His claim "We have many layers of security in our system… the answer is simply no" directly contradicts documented cybersecurity incidents involving the company’s fleet. In 2017, security researcher Jason Hughes (known as WK057) uncovered critical vulnerabilities in Tesla’s central server, "Mothership," which manages communication with its entire fleet. By exploiting these flaws, Hughes gained access to vehicle location data, system information, and the ability to send commands to any Tesla using only a VIN number. To demonstrate the severity, he remotely activated the Summon feature on a California-based Tesla from his home in North Carolina proving that, at the time, a malicious actor could have stolen or manipulated vehicles from afar. Tesla awarded Hughes a $50,000 bug bounty (far exceeding its standard maximum payout) and patched the vulnerability overnight. This incident occurred months before Elon Musk publicly warned about "fleet-wide hacks" as a major concern for Tesla, even joking about hackers redirecting all Teslas to Rhode Island as a prank. The 2017 breach was not an isolated case: In 2016, researchers at Keen Security Lab (Tencent) remotely compromised a Tesla Model S from 12 miles away, gaining control of its brakes by exploiting the vehicle’s Controller Area Network (CAN bus). Tesla addressed that vulnerability within 10 days. While both incidents involved white-hat researchers who disclosed the flaws responsibly and Tesla has since bolstered its security measures, including expanded bug bounties and participation in hacking competitions like Pwn2Own Moravy’s testimony omitted these historical breaches. His statement that "no one has ever been able to" take remote control of a Tesla is factually inaccurate. The hearing, which focused on establishing a federal framework for autonomous vehicles, underscored the importance of accurate security claims as lawmakers weigh regulatory oversight. Tesla’s cybersecurity has improved since 2017, but its public record of past vulnerabilities remains a key part of the discussion.

Tesla experienced a drop in share value following a reported massive cyberattack on its associated social media platform X, causing an outage for users. The outage was initially noted by Downdetector early in the day and affected nearly 40,000 users at its peak. While the site remained partially functional, the incident raised concerns over cybersecurity, and the company's stock fell sharply by 15.7%. The fallout extended to Tesla with some consumers selling their vehicles and vandalism at dealerships due to Musk's governmental ties and involvement with former President Donald Trump.

Grubhub Faces Class Action Lawsuit Over January 2025 Data Breach A former Grubhub employee has filed a class action lawsuit against the food delivery platform, alleging the company failed to implement adequate security measures to protect sensitive personal and financial data. The complaint, filed on February 5, 2025, in the U.S. District Court for the Northern District of Illinois, claims cybercriminals accessed the information of tens of thousands of customers and employees in a January 2025 breach. The exposed data reportedly included Social Security numbers, addresses, and financial details. Grubhub notified affected individuals on February 3, 2025, acknowledging the incident. The lawsuit, led by plaintiff Brian Bianchi, accuses Grubhub of negligence in safeguarding user data, potentially leaving victims vulnerable to identity theft and fraud. The case highlights growing scrutiny over corporate cybersecurity practices and the legal consequences of failing to protect consumer information. No further details on the breach’s scope or the attackers’ methods have been disclosed.

Tesla's Cybertruck, being an electric vehicle, was repurposed for combat and featured in warfare when Chechnya's leader Ramzan Kadyrov showcased them with mounted heavy machine guns for use in the Russia-Ukraine conflict. Kadyrov’s claim that Elon Musk remotely disabled one of these Cybertrucks highlights the potential risks and downsides of smart vehicles in combat situations, particularly when geopolitical tensions and sanctions are involved. This incident raises concerns about the security, control, and utilization of commercial technology in military engagements, as well as the potential fallout in terms of public perception and international relations for Tesla.

Tesla has started notifying current and former employees who were affected by a data breach that exposed a total of 75,735 individuals. The compromised information exposed personal information such as Social Security numbers, names, and addresses was involved in the breach. Experian IdentityWorks' credit monitoring and identity theft solution is available with a free membership from the corporation as a precaution. Depending on the individual and the engagement number provided in the notification letter, the membership's duration will range from one to two years.

A 19-year-old German security researcher remotely hacked into over 25 Tesla automobiles spread across 13 different nations after discovering a software flaw in the company's systems. Tesla investigated the incident and used a software update to fix the vulnerability found by the "white hat," or ethical, hackers.

Tesla had thrown away computers without wiping them which left some customer accounts compromised. With the Tesla Autopilot computer upgrade and a recently announced MCU2 upgrade on top of regular replacements for performance issues, Tesla changed a lot of computers in its vehicles. It contained sensitive information, like Google or Spotify usernames and passwords. These passwords were not encrypted.

Luxshare Hit by Ransomware Attack, Exposing Sensitive Apple and Client Data In December 2025, Luxshare, a key Apple supply chain partner, suffered a ransomware attack that resulted in the theft of highly sensitive data. The breach, which occurred on December 15, was later claimed by the hacking group RansomHub, which posted the stolen files for sale on the dark web. The attackers allege they obtained a trove of confidential documents, including 3D CAD models, engineering schematics, product repair and shipping timelines, and personal data of employees dating back to 2019. Among the compromised files were Gerber and .dwg design files, as well as electronic and mechanical component documentation critical assets for product manufacturing. Luxshare, a contract manufacturer, works with multiple major tech firms, and the stolen data reportedly includes proprietary information from Apple, Nvidia, LG, Geeky, and Tesla. For Apple, Luxshare has been involved in projects such as iPhone, MacBook, and Apple Watch production, making the breach particularly damaging. The implications of the attack are far-reaching. Competitors could exploit the leaked designs to reverse-engineer products or develop counterfeits, while cybercriminals may use the data to identify new vulnerabilities in Apple’s hardware. Though the breach does not directly affect end users, it could disrupt supply chains, leading to production delays or security risks in future Apple devices. Neither Luxshare nor Apple has officially acknowledged the incident, but the leaked files appear legitimate, raising concerns about the broader impact on the tech industry’s supply chain security.

Cloud security company RedLock found the incident and notified Tesla, which now confirms that hackers have breached its cloud computing platform to mine cryptocurrency. The Tesla corporation resolved the vulnerability that the hackers used to infiltrate their cloud servers and install a cryptocurrency miner. With a Kubernetes console that was apparently not password-protected, the attackers were able to access Tesla's Amazon Web Services environment. The Tesla engineers were responsible for the security breech, according to RedLock, as they neglected to add an authentication system to the Kubernetes console.

Tesla suffered a cyberattack, researchers from the Chinese tech company Tencent discovered a number of flaws that, when combined, gave them remote access to a Tesla Model S and the ability to operate the sunroof, dashboard, door locks, and even the brake system. The approach gave the researchers access to the controller area network (CAN) bus, which enables communication between the car's specialized computers. They investigated the incident and fixed the potential vulnerabilities.

A Russian hacker recruited a Russian-speaking Tesla employee for $1 million. The two individuals happened in 2016 but the hacker reached out to the worker through WhatsApp in July 2020. He offered $500,000 for the employee to install malware from either a USB drive or by clicking a malicious email link for executing a ransomware attack against the company. The hacker promised to encrypt the malware so that it was untraceable to the employee who installed it on the computer system. Tesla employee alerted the company of the planned ransomware attack.