Attacker, posing as Tesla employee, gained access to car co.'s Twitter
Attackers were able to compromise Telsa's and co-founder Elon Musk's Twitter feeds over the weekend by calling AT&T customer service and posing as a Tesla employee to convince the phone company to forward calls to a phony number.
The perpetrators then contacted the domain host for teslamotors.com using the phony number to add a bogus email to the admin account, according to a statement that Tesla sent to Forbes. They then reset the password to the admin accounts and rerouted website traffic to an illegitimate website. From there, they gained access to Twitter accounts belonging to the company and Musk where they posted false claims.
Tesla said corporate or customer systems and databases weren't compromised and everything has been "restored to normal." Tesla is known for richly rewarding those who responsibly disclose vulnerabilities in their platform.