Tesla owners, beware. And business owners, listen up.

A person who describes himself as a "white hat hacker" recently purchased four Tesla car computers off eBay. Upon accessing the computers, called media control units (MCU), the person was able to obtain personally identifiable information about a vehicle's owner, including their "home and work location, all saved Wi-Fi passwords, calendar entries from the phone, call lists and address books from paired phones, Netflix and other stored session cookies," according to InsideEV.

According to the hacker, who revealed the information to improve Tesla security, the personal information was unencrypted and readily accessible. Netflix and other information was accessible because MCUs are where Teslas store data from third-party applications, like Netflix and Spotify, that are synced to the vehicle.

 inline image

The finding highlights a potentially troubling problem for Tesla owners. It would appear that a Tesla's onboard computer stores information unencrypted. If someone knows how to access the MCU, they could conceivably find out where someone lives, gain access their home network, and more.

What's worse, the report says MCUs are readily available for sale after they're stripped from vehicles. So, while the hacker didn't want to do any harm, there's always the possibility that a bad actor could obtain one of the MCUs and wreak havoc.

Tesla did not immediately respond to an Inc. request for comment on the MCUs, but the lesson learned here still matters to companies both big and small.

If your company houses customer data and you sell a product that can and will be used by more than just the owner, ensuring that data can't be transferred from one customer to another is absolutely critical. Absent a strong data-privacy policy, such data can easily be stolen and used maliciously.

Luckily for Tesla, there is a fix--and it may be easy to implement.

Teslas are driving computers that can be easily updated and patched. Given that, it shouldn't be all that difficult for Tesla to find a way to safeguard MCU data and otherwise keep consumer information safe. But as with any other company worried about data security, Tesla needs to move quickly to patch the flaw. It's by no means the easiest method for hackers to exploit, but it's an exploitable problem nonetheless. And that's a problem.