[ad_1]
<div _ngcontent-c14 = "" innerhtml = "
(credit: Getty)Getty
Tesla is recognized for its ability to quickly resolve a large number of customer complaints, and many answers and solutions emanating directly from its CEO, Elon Musk. But it's not a story of good customer service. On the contrary, it is the story of a chaotic communication process that, according to one customer, led to the discovery of an online security breach for Tesla.
Dan, who only uses his name on the forums and the website he runs, has recently resumed his long-awaited Model 3 after two previous false starts, and even before he had a chance to sit in it. , chaos began, according to a blog post that he wrote.
The hell of delivery logistics is only the beginning
Dan writes that his commercial agent assured him that he could switch at any time to the improved autopilot, but the delivery agent handing him his keys told him that this could only be added before delivery. After taking the car home, he noticed a defect in the lamination on the roof while glass. After reporting the damage, Customer Service awarded the Enhanced Autopilot an order price of $ 3,000 before delivery, but the representative did not know how to do so without charging the upgrade price of $ 5,000 after the upgrade. delivery. And after waiting several weeks to get an appointment to repair the roof, they damaged the paint during the replacement and had to keep the car longer for the repair of the bodywork.
Meanwhile, he detailed his experience on the official Tesla forum (not to be confused with the Tesla Motor Club forum), adding hundreds of other discussion topics complaining of a poor delivery service . However, after trying to update his long message, the Cleveland-based user discovered that he had mysteriously disappeared and could not republish it, his account being limited to one message per day.
His request to remove this restriction would have been passed on to the Tesla IT department by the customer service department. Shortly after, Dan had discovered that he was able to do more than just post multiple threads a day.–he had all the rights of administrator on the whole forum.
What Tesla forum administrators can do
As a Tesla Forum Administrator, he can edit and delete any message on the site. It could also add new forum topics, create new vehicle models (at least on the forum) and even create new vehicle bookings and upcoming Supercharger locations. But the biggest security breach is that he has given her permission to view profile details of more than 1.5 million accounts, including those of Musk.
And since Dan could see that Musk was last connected more than three years ago, we can probably put an end to the rumor that he would have checked the forum.
The novice owner of Tesla was not the only one to have all the rights of administrator on the site. Several other customer accounts had these permissions, as well as former employees. The degree of security breach that this represents is not clear. The forum is not connected to any other databases managed by the company. In fact, you can not even access the forum directly from the Tesla website.
On November 8, he also contacted Twitter on Tesla to alert the company of his security problem, without immediate response:
Rather than wasting time with everyone's data, all Dan did with his superuser access is to resurrect his original message. But it was not exactly the same thing.
ooops
Members of the Eagle-Eyed forum noticed that his user profile had been changed to employee status with a red Tesla badge next to his name. He therefore quickly canceled the publication. But a bug in the Drupal software running the forum was deleting every previous publication.
If you want to get Tesla's attention and Twitter does not work, you can delete years and years of messages from its forum. Soon after, everything was restored and Dan lost his administrator privileges.
Tesla answers
Tesla's customer service also responded by email to his concerns regarding the security of the forum, assuring him that no official customer data was shared because of this error and that it was unlikely that former employees retaining their administrator status abused the site. You can read their complete answer with screenshots here. He was asked to submit the bug to Bug Crowd's official website, which is also responsible for determining the bonus for finding it.
In the meantime, he was able to speak with his local branch manager and received the enhanced autopilot. option for $ 3,000, free lifetime LTE data, two free vehicle repairs and one Tesla Home Charge Wall Connector in compensation for his vehicle problems.
Although Tesla ended up taking advantage of a poor customer experience, it would be best if this ever happened, especially for the 1.5 million users of the forum.
Update: Tesla answered the story with the following message:
Our anti-bug program is specifically designed to encourage this type of reporting, as well as more in-depth research from the security community. In this case, the customer has been inadvertently granted a higher level of permissions than he should have had on the Tesla forum, which is not connected to our vehicles, to our main website or to other digital channels. We canceled access as soon as it was reported and made further changes to adjust the privileges accordingly as a result of a full audit. We have no reason to believe that there has been abuse of accounts or content on our forums and we have taken steps to prevent this from happening again. Any customer reporting a potential security breach is invited to apply for a reward via our bug bonus program.
Source: Dansdeals.com
">
Tesla is recognized for its ability to quickly resolve a large number of customer complaints, and many answers and solutions emanating directly from its CEO, Elon Musk. But it's not a story of good customer service. On the contrary, it is the story of a chaotic communication process that, according to one customer, led to the discovery of an online security breach for Tesla.
Dan, who only uses his name on the forums and the website he runs, has recently resumed his long-awaited Model 3 after two previous false starts, and even before he had a chance to sit in it. , chaos began, according to a blog post that he wrote.
The hell of delivery logistics is only the beginning
Dan writes that his commercial agent assured him that he could switch at any time to the improved autopilot, but the delivery agent handing him his keys told him that this could only be added before delivery. After taking the car home, he noticed a defect in the lamination on the roof while glass. After reporting the damage, Customer Service awarded the Enhanced Autopilot an order price of $ 3,000 before delivery, but the representative did not know how to do so without charging the upgrade price of $ 5,000 after the upgrade. delivery. And after waiting several weeks to get an appointment to repair the roof, they damaged the paint during the replacement and had to keep the car longer for the repair of the bodywork.
Meanwhile, he detailed his experience on the official Tesla forum (not to be confused with the Tesla Motor Club forum), adding hundreds of other subjects complaining about mediocre delivery services. However, after trying to update his long message, the Cleveland-based user discovered that he had mysteriously disappeared and could not republish it, his account being limited to one message per day.
His request to remove this restriction would have been passed on to the Tesla IT department by the customer service department. Shortly after, Dan had discovered that he was able to do more than just post multiple threads a day.–he had all the rights of administrator on the whole forum.
What Tesla forum administrators can do
As a Tesla Forum Administrator, he can edit and delete any message on the site. It could also add new forum topics, create new vehicle models (at least on the forum) and even create new vehicle bookings and upcoming Supercharger locations. But the biggest security breach is that he has given her permission to view profile details of more than 1.5 million accounts, including those of Musk.
And since Dan could see that Musk was last connected more than three years ago, we can probably put an end to the rumor that he would have checked the forum.
The novice owner of Tesla was not the only one to have all the rights of administrator on the site. Several other customer accounts had these permissions, as well as former employees. The degree of security breach that this represents is not clear. The forum is not connected to any other databases managed by the company. In fact, you can not even access the forum directly from the Tesla website.
On November 8, he also contacted Twitter on Tesla to alert the company of his security problem, without immediate response:
Rather than wasting time with everyone's data, all Dan did with his superuser access is to resurrect his original message. But it was not exactly the same thing.
ooops
Members of the Eagle-Eyed forum noticed that his user profile had been changed to employee status with a red Tesla badge next to his name. He therefore quickly canceled the publication. But a bug in the Drupal software running the forum was deleting every previous publication.
If you want to get Tesla's attention and Twitter does not work, you can delete years and years of messages from its forum. Soon after, everything was restored and Dan lost his administrator privileges.
Tesla answers
Tesla's customer service also responded by email to his concerns regarding the security of the forum, assuring him that no official customer data was shared because of this error and that it was unlikely that former employees retaining their administrator status abused the site. You can read their complete answer with screenshots here. He was asked to submit the bug to Bug Crowd's official website, which is also responsible for determining the bonus for finding it.
In the meantime, he was able to speak with his local branch manager and received the enhanced autopilot. option for $ 3,000, free lifetime LTE data, two free vehicle repairs and one Tesla Home Charge Wall Connector in compensation for his vehicle problems.
Although Tesla ended up taking advantage of a poor customer experience, it would be best if this ever happened, especially for the 1.5 million users of the forum.
Update: Tesla answered the story with the following message:
Our anti-bug program is specifically designed to encourage this type of reporting, as well as more in-depth research from the security community. In this case, the customer has been inadvertently granted a higher level of permissions than he should have had on the Tesla forum, which is not connected to our vehicles, to our main website or other digital channels. We canceled access as soon as it was reported and made further changes to adjust the privileges accordingly as a result of a full audit. We have no reason to believe that there has been abuse of accounts or content on our forums and we have taken steps to prevent this from happening again. Any customer reporting a potential security breach is invited to apply for a reward via our bug bonus program.
Source: Dansdeals.com
