Looks like it’s going to be a rough Saturday for Tesla’s IT department: they’ve just had both their website and Twitter account hijacked.
Update, 3:50 P.M: Tesla CEO Elon Musk’s personal Twitter account was seemingly hijacked briefly around this time, as well.
The first signs of the hijacking popped up around 1:52 P.M. pacific, when a tweet from the account declared that it was now under the control of its attackers, and the account’s name was changed from “Tesla Motors” to “#RIPPRGANG”.
A few minutes later, the account began promising free Teslas to those who followed certain accounts or to those who called a certain phone number. A quick search suggests that the number belongs to a computer repair shop in Illinois, and was presumably tweeted out to flood the number’s owner with calls. We’ve censored the number in the above screenshot for obvious reasons.
At nearly the same time, Tesla’s website was edited to declare that it’d been hacked by the same attackers. As of 2:15 p.m., the site had been taken offline — but in the hours since, it’s returned with the hijacked page multiple times. Its Twitter account, meanwhile, still seems to be hijacked. (We’ve avoided linking directly to any of the hacked sites in the off chance that the sites themselves were made to compromise the user’s security.)
Update: At around 2:45 P.M pacific, or roughly an hour after the Twitter account was compromised, it was restored. Tesla’s site is still offline.
It’s not unusual for a high-profile Twitter account to get hijacked — many of the most followed accounts in the world have fallen at one time or another. Taylor Swift’s account, for example, was hacked just weeks ago. That both Tesla’s Twitter account and the website were hacked simultaneously, though, points to an issue beyond a one-off Twitter security failing.
It’s unclear if the hack compromised the security of Tesla’s own servers, or if the site hijacking is a result of something like DNS/domain redirection. We’ve reached out to Tesla for comment here.