Many Tesla owners using third-party apps to monitor have found them not to be working in the last few days as Tesla appears to have revoked many log-in tokens – a hacker claims to be behind the action after he supposedly gained access to several Tesla accounts.
Tesla doesn’t have an official dev kit or app store, but it does have an unofficial API that led to a market for third-party apps. These apps provide Tesla owners with additional features that are not native, like logs for your trips and charging sessions, battery health reports, and more.
In order for those apps to get access to your data, they either require your Tesla account log-in information or an authentication token associated with your account.
Yesterday, several Tesla owners using those apps, like Tezlab, reported that they didn’t work anymore.
Tesla apparently expired a lot of authentication tokens early:
Tyler Corsair, who operates Teslascope, another third-party app, says Tesla appears to have moved to a new version of its token (via Twitter):
It appears that Tesla has just deprecated their V2 tokens which will effectively kill off all TeslaMate instances, as they haven’t updated to use V3 (OAuth/SSO) yet.
The fix is as simple as reconnecting your Tesla account to whatever third-party apps you are using. However, it doesn’t seem to affect all Tesla owners using third-party apps, but especially newer tokens.
David Colombo claims to be behind Tesla revoking the token and moving to its V3 token early:
Colombo previously said that he managed to get access to several Tesla owners’ accounts, which enables you to log into their Tesla app and have some control over their cars.
He has been vague about how he managed to get access, but he said that it wasn’t due to Tesla’s own security, which made many suspects that he gained access to the account through a third-party app.
It serves as a good reminder to be careful about who you give your information to.
Subscribe to Electrek on YouTube for exclusive videos and subscribe to the podcast.