Over 1,300 TeslaMate Servers Exposed Online, Spilling Vehicle Data
By Ainvest
Tuesday, Aug 26, 2025 10:43 am ET (1 min read)
A security researcher has discovered over 1,300 publicly exposed TeslaMate servers that are inadvertently sharing sensitive data about Tesla vehicles, including location histories. These servers, run by Tesla owners, were likely made public by mistake, allowing anyone to access the data without a password [1].
Seyfullah Kiliç, founder of cybersecurity company SwordSec, found these exposed servers by scanning the internet for public-facing TeslaMate dashboards. TeslaMate is an open-source data logger that Tesla owners self-host on their own computers to visualize their vehicle’s data, such as temperature, battery health and charging sessions, as well as more sensitive information like vehicle speed and recent trip locations [1].
Kiliç plotted the locations of these vehicles on a map to demonstrate the extent of the data leakage. He noted that without basic authentication or firewall rules, sensitive data can be easily leaked [1]. This issue is not new, but it has significantly worsened since 2022, when a security researcher found dozens of public TeslaMate dashboards exposed to the web [1].
TeslaMate's founder, Adrian Kumpf, acknowledged the problem in 2022 and released a bug fix aimed at protecting against public access to customers’ dashboards. However, he warned that the project could not protect against users accidentally exposing their TeslaMate servers to the internet [1]. Kiliç emphasized the importance of enabling authentication on servers to prevent public access [1].
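As an added illustration (not from the article or the TeslaMate project), the following script flags port mappings that publish a self-hosted dashboard beyond the local machine, the kind of accidental exposure described above. It assumes a Docker Compose deployment with short-syntax `ports:` entries; the compose file, service names and port numbers are constructed.

```python
import ipaddress
import re

# Constructed sample compose file (not from the article). Service names and
# port numbers are assumptions; two-space indentation is assumed by audit().
SAMPLE_COMPOSE = """\
services:
  teslamate:
    ports:
      - "4000:4000"
  grafana:
    ports:
      - "127.0.0.1:3000:3000"
  database:
    ports:
      - 5432
"""

def host_binding(spec):
    """Return the host address a short-syntax `ports:` entry binds to."""
    spec = spec.split("/")[0]                      # drop /tcp or /udp
    m = re.match(r"^\[([0-9a-fA-F:]+)\]:", spec)   # bracketed IPv6 host
    if m:
        return m.group(1)
    parts = spec.split(":")
    # Only HOST_IP:HOST_PORT:CONTAINER_PORT names an address; with fewer
    # fields Docker publishes the port on every interface.
    return parts[0] if len(parts) == 3 else "0.0.0.0"

def audit(compose_text):
    """Return (service, spec) for each port published beyond loopback."""
    findings, service, in_ports = [], None, False
    for line in compose_text.splitlines():
        indent, text = len(line) - len(line.lstrip()), line.strip()
        if indent == 2 and text.endswith(":"):
            service, in_ports = text[:-1], False
        elif text == "ports:":
            in_ports = True
        elif in_ports and text.startswith("- "):
            spec = text[2:].strip().strip("\"'")
            if not ipaddress.ip_address(host_binding(spec)).is_loopback:
                findings.append((service, spec))
        elif text:
            in_ports = False
    return findings

if __name__ == "__main__":
    for service, spec in audit(SAMPLE_COMPOSE):
        print(f"{service}: {spec} is published beyond loopback")
```

A loopback-only binding still needs an authenticating reverse proxy in front of it if the dashboard is to be reached remotely.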
The security researcher’s findings highlight the growing risk of data exposure through self-hosted applications. Organizations and individuals should prioritize securing their servers and data, especially when dealing with sensitive information. European organizations are particularly at risk, especially those relying on the bobbingwide oik software, which has a recently discovered high-severity reflected Cross-Site Scripting (XSS) vulnerability [2].
References:
[1] https://techcrunch.com/2025/08/26/security-researcher-maps-hundreds-of-teslamate-servers-spilling-tesla-vehicle-data/
[2] https://radar.offseq.com/threat/cve-2025-54670-cwe-79-improper-neutralization-of-i-b951e1ca
A security researcher has found over 1,300 publicly exposed TeslaMate servers that are leaking sensitive data about Tesla vehicles, including location histories. The servers, run by Tesla owners, were likely made public by mistake, allowing anyone to access the data without a password. The researcher urges TeslaMate users to secure their dashboards by enabling authentication to prevent public access.
