Numosity EV charging software firm breached, initially claimed as Tesla breach
Learn More
A significant cybersecurity incident initially misattributed to Tesla has been identified as affecting Numocity, an electric vehicle (EV) charging software company. The incident was reported by threat actors IntelBroker and EnergyWeaponUser.
The compromise occurred through unauthorized access to Azure storage buckets containing customer information. The threat actors reportedly used hard-coded credentials to traverse multiple systems before accessing four Azure storage buckets containing .xlsx files with customer data.
Exposed data include:
- Full names
- Locations
- Payment information
- Vehicle identification numbers (VINs)
- Car makes and models
- Email addresses
- Customer charging station data
- Various location data across Dubai, Puerto Rico, and Oman
The breach reportedly affects 116,000 rows of data. While the threat actors initially claimed the data primarily affected individuals in the Middle East and UAE, the leaked sample predominantly contained information from Puerto Rico residents. The breach included data about various vehicle manufacturers including Audi, Porsche, Volvo, and Tesla.
Numocity has not publicly acknowledged the incident. The breach was verified by the Cybernews research team, who confirmed the legitimacy of the data but noted that it likely originated from a multi-operator electric vehicle charging platform rather than directly from Tesla.
