How I Went From Tesla Delivery Hell To Tesla Giving Me Control Of Their Site Forums With Over 1.5 Million Tesla Account Contacts - DansDeals.com


My Model 3 at delivery, before Tesla managed to have it sent to the body shop.


This post was written on Sunday, November 11th but was not published as Tesla asked for more time to fix the issue before I wrote about it. An epilogue/update is at the bottom.

This is a long read, so you may want to bookmark it for when you have spare time.

My first car was a new 2011 Nissan Altima with leather seats that I negotiated down from $27K to $19K. That came after my wife insisted that we upgrade from the rusted out Chevy Venture hand-me-down that didn’t have a working gas gauge. It’s tough to play the free grocery store gas game while earning miles buying gift cards when you don’t know when your car will run out of gas. After we got stranded without gas for the 3rd time I knew I’d have to take the plunge and buy a car. The Altima was a great car, though it went through some rough times, such as when I loaned it to someone who managed to inflict $12,000 of damage to it.

I’ve been enamored of electric cars for some time and when I first read about the Tesla Model 3 I had a feeling that I’d be hooked.

I plunked down a $1,000 refundable deposit on the Model 3 and waited and waited until Tesla invited me to configure the car.

Tesla had promised that they would make a $35,000 Model 3 and I was hoping to wait until then, but it soon became clear that they would not be selling a $35,000 model before the $7,500 federal tax credit expires by the end of 2018.

I finally was invited to test drive a Model 3 in mid-July. The Tesla employees struck me as a bit odd and cult-like. They weren’t particularly helpful and it seemed like they knew they had the best product in the world. But I was completely blown away by the car and the technology. This wasn’t like driving a car, this was like piloting a rocketship! It felt like a game-changer and the future of driving and I knew I’d be hooked. Maybe I’d even join the cult.

Tesla pricing changes nearly as often as Amazon changes prices, so I was playing a waiting game. I was on the fence waiting for a cheaper car to come out when the end of Starpoint earnings on the Starwood AMEX finally pushed me into plunking down $2,500 on the card to configure a Model 3 on 7/31.

The next day, the price of the Model 3 I configured jumped by several thousand dollars and I was feeling pretty good about my decision!

Not all early buyers have made out well. Tesla dropped the price of the Performance Plus upgrade package by $5,000 recently. Some people with Performance Plus have been able to get that refunded by forfeiting their grandfathered lifetime free supercharging, but people that paid for the $11,000 Performance package (a software upgrade) and not the $5,000 Plus upgrade (a hardware upgrade) are out of luck.

Early Model 3 buyers like myself who didn’t upgrade to the performance package don’t get any free supercharging, despite the fact that people who now buy a Tesla via my referral code will get 6 months of free supercharging.

I didn’t expect to add the enhanced autopilot option, but after trying it out on the test-drive it was a no-brainer. The technology was amazing and thanks to Tesla’s software updates it’s constantly getting better.

The big question was the full self-driving feature. I could put down $3,000 and be guaranteed to have it once it became available or I could pay $5,000 later on. I emailed the Tesla rep who took me on a test-drive and he assured me that I could wait and decide about that feature at delivery as it was just a software feature.

I was pleasantly surprised when I got an email to schedule my delivery in the beginning of September and I made arrangements to unload my Altima. Then Tesla abruptly cancelled my appointment and rescheduled it for the end of September. Spoiler alert: They cancelled that appointment as well and said they couldn’t tell me when my car would be delivered. There was silence when I asked for updates.

In the meantime I learned that people that ordered a Model 3 by 6/30 would get lifetime free LTE internet connectivity in their cars, while others would need to pay for the LTE. I asked for lifetime free LTE on my car given that I had placed an early deposit and now had multiple delivery cancellations and the rep said they should be able to work that out for me and to finalize it at delivery.

Finally in late October I was told that my car was available for pickup. I went in at my scheduled appointment time, only to find a room full of people waiting who had appointments hours before mine.

I knew it would be a long day.

After waiting for some time it was my turn. I was handed papers to sign and let them know that I had decided to go ahead and add the full self driving option.

The rep looked at me like I had a few loose screws. “That had to be done before delivery.”

No, I insisted. I was told that it could be added at delivery. The rep said that was impossible.

So I pulled up the email and showed it to the rep to prove my point and also asked about the lifetime connectivity. He spoke to his manager who also shrugged. There’s nobody here today that can do that. But they said they would work on it and call me back tomorrow. And they said I could return the car tomorrow if they couldn’t work it out.

I was surprised that my car wasn’t fully charged, but was thrilled when I got into the car and drove it home. Forget about having to go to Cedar Point to ride a roller coaster, I was driving one! The Tesla grin is a real thing. And I didn’t even have to splurge for the $11,000 performance version upsell to get it.

I got home and noticed another issue. There was a flaw in the lamination on the stunning all-glass roof that gives the car an amazing open feel. I called Tesla the next morning and was told they would honor the full self-driving price and that I should bring the car in to see the roof issue.

But when I came in they had no idea how to actually add the full self driving option without charging the $5,000 post-delivery price. But they promised to get back to me within 24 hours. They also agreed to order a new glass roof for the car and said they would be in touch within 48 hours to schedule an appointment.

I called back the next day and this time they took a credit card number for the full self driving option at the pre-delivery price. But my card was never actually charged.

The next 2 weeks consisted of me calling Tesla, asking for managers, and not getting any real answers or callbacks. I finally reached a regional director who promised to get the ball rolling and I had an appointment for the roof replacement this past Wednesday.

I dropped off the car and was told it would be ready within 24 hours. And they were looking into the full self driving and lifetime connectivity promises.

Then on Thursday I got a text message. My car had been scratched during the roof replacement and would be in the body shop for a day to be repaired.

Excuse me? My brand new car that came with a defect was now having body work?

I LOVE the car. I love the navigate on autopilot option that was added just last week. My friends LOVE trying it out, seeing the Tesla grin on their faces as they floor it is amazing. It’s a real joy to drive and all of a sudden I like to run errands just to drive the car more. I love the brake regeneration that means you almost never need to touch the brake. I love how it knows when to open and close my garage as I leave and return. I love how it stays in place without having to hold the brake at a light. I love the stunning HD screen and camera. I love taking highways even when surface streets would be faster just to be thrown back in my seat as the car accelerated to 80MPH in no time before the car takes over all of the driving itself. Tesla built a truly magnificent machine. And does anything get cooler than this to avoid parking tickets?

But this service was horrific and reading through Tesla’s forums on forums.tesla.com I was hardly the only person with major service issues. There were thousands of threads from people who had delivery and service issues, but the company didn’t have anyone online to respond to issues and take care of problems. Instead the threads were mostly answered by people acknowledging that Tesla has major service issues, but once all is said and done, the product is amazing. And then there are the cult followers on the forums who are convinced that everyone who posts something negative is just trying to make Tesla’s stock price drop. Some of them need to lay off the kool-aid. It is an amazing car, but that doesn’t mean the company is without flaws.

It’s pretty much impossible to reach anyone at Tesla on Twitter or via email and their call center is worthless. Calling the local store is always a painful process. They know they can sell all of the cars they can manufacture and don’t feel the need to win anyone’s business. They’re doing you a favor by allowing you to buy a Tesla…

Talk about an amazing hard product and horrific soft product! Tesla makes the Singapore Airlines First Class of cars, but they back it with the Spirit Airlines of service.

I took to the Tesla Forums and posted my experience. One reader responded to my experience by saying to hang in there as it will be worth it. Afterwards I went to make an edit to my post and when I saved it, the thread was gone.

I didn’t think Tesla intentionally deleted it as they have practically zero presence on their own forums. But I was perplexed. I tried reposting my thread and it said that non-owners can only make one thread a day and to call customer service to lift that restriction.

So I called Tesla and asked the agent to please list me as an owner on the Tesla Forums. The agent had no idea what “forums” meant. I explained that they were on Tesla.com, but sure enough, there is no link on Tesla’s site to the forums. I said to type in forums.tesla.com and the agent said she would pass on my request to her IT department.

For a company that is manufacturing the car of the future, the Tesla forums seem like they’re stuck in the stone-age. There is no search functionality. There is no private messaging option. There is no way to upload images. There is no way to edit posts after they’re made. There is no way to tell who is actually a Tesla owner and who is just browsing for info. There are no visible moderators or company support to address issues as there should be on such a valuable platform.

I checked back on the forums after an hour and noticed something was weird. Suddenly I had the ability to edit and delete everyone’s posts! Then I looked at the top of the page and noticed the admin bar. Something very strange was going on here.

This was how the forum looked to the public:

But I now had an admin control bar on top of the forum:

I had options such as the ability to create a new forum topic. I could have created a Tesla Model DD if I wanted to. Plus I had access to several hidden boards:

But this was much bigger than that.

I clicked on the People option and was able to view the contact information of over 1.5 million account holders:

I could view Employee profiles:

I could view Editor profiles:

And many other profiles:

I could search for people. I found relatives and neighbors with Tesla accounts.

There are lots of Elon impersonators:


But I did find the real Elon Musk account and learned that Elon had last accessed the forum 3.5 years ago. Clearly he prefers Twitter.

Rather than make me an owner, I was now a customer service agent:

Now the scary thing is, I was not the only non @Tesla.com customer service agent. Seemingly this wasn’t the first time Tesla granted random people access to this power. Perhaps they just held onto it.

There were Yahoo and Gmail addresses in profiles like Information Security. How’s that for irony?

Incredibly, the website allows Customer Service agents to assign any roles they want anyone to take on. That is an incredibly bad security flaw.

I’m an administrator on the DansDeals Forums at forums.dansdeals.com and those forums are dated and are far from perfect, but random users can’t just access everyone’s profile and grant themselves different profiles.


I could assign permissions for every role:

I could change the site name, email address, logo, and new account welcome information:

I could create a new car reservation:

And I could edit a whole lot more than that:

Maybe I should have set up a supercharger on my street?

I emailed Tesla about my account being able to do all of this and see everyone’s contact info and got no response.

I reached out on Twitter as well:

And then I found my deleted thread. So I clicked to republish it and it rose from the dead and came back to life:

That’s when people started noticing that something was off. There was a Tesla logo next to my name that indicated that I was an employee!

The conspiracy theories started flying in:

Clearly this was going in a direction I hadn’t anticipated, so I unpublished and then deleted the thread again. Except the flaming pile of garbage forum software decided to unpublish every thread that was older than my post. No normal forum software would do anything like that.

The forums went from tens of thousands of threads:

To dozens of threads:

Once again I emailed Tesla about the issue and what happened, but didn’t get a response. I could see from my account that it had been 19 hours since a forum admin (aside from myself!) had logged onto the site.

I was relieved that from my account I could still see the old threads, but regular accounts could not see any posts that were older than my deleted thread.

The view from my account:

Meanwhile, the conspiracy theorists were having a field day figuring out who this disgruntled employee “Dan” was and what he did to the forums.

Here are some of the threads:

And here are some screenshots of the fun in case those threads get deleted:

Finally Tesla got back to me and fixed the issue, at least for my account. But from seeing the members I have no doubt that they have other unauthorized accounts hiding in the forum profiles that have access to everyone’s data. They too were probably given access by Tesla themselves thanks to the atrocious forum software.

After I lost my admin status I started chiming back in with references that Elon Musk fans would enjoy, like “42” and zombie memes:

Here’s the link I posted, having some fun about what happened:

People joked about how easy it now was to read every topic on the forum:

And people joked about how great it was to not have to see all of the delivery horror stories:

Tesla eventually did restore the forum back to normal.

But there are random people and ex-employees who can hijack Tesla’s website and view the contact information of all of their customers. It seems crazy to me that a technologically advanced company like Tesla can have such a gaping security hole.

I still don’t have my Model 3 back. I’d probably ask for them to give me a new one if I didn’t think it would affect my tax credit.

After driving a Tesla, driving a gas powered vehicle feels like stepping back in time. It’s hard to see myself going back, that’s how good the Tesla product is.

But overall, I just think it’s a shame that a company that makes such an incredible product can have such poor service and nobody who is able to rectify things.

Epilogue:

I finally did get my car back on Tuesday. I was able to speak with the branch manager and was able to get the full self-driving option added for $3,000 and the lifetime LTE data added for free. Additionally the manager gave me 2 free full car servicings and a Tesla home charging wall connector as compensation for my issues. That seems fair enough given that there is no recognizable scratch.

Interestingly enough, the NY Times ran a story today about Tesla Delivery Logistics Hell.

Tesla also responded about the privacy issue as follows,

Hi Daniel,

We take any reported security vulnerability very seriously so thanks very much for reaching out to us about this.

We investigated your report and found that when you called our customer support line, you were inadvertently granted a higher level of access to the Tesla forum by mistake. As you may be aware, the Tesla forums are a separate portion of Tesla’s online presence and not connected to our main website or digital channels. This inadvertent access gave you visibility into the email addresses associated with user profiles, but you did not have access to any other personally identifiable information of individuals on the forums. As soon as we realized this, we immediately revoked your elevated level of access and confirmed that no other customers were inadvertently granted this type of access.

As you pointed out, a very small number of former employees who had left Tesla could still access the forum with their prior privileges. Based on our investigation, we have no reason to believe that these stale accounts resulted in any kind of abuse. The permissions of these accounts have now been downgraded appropriately following a full audit, and we have taken steps to ensure that this will not happen again. Again, this only involved access to our forum, and did not in any way affect customer vehicles or other digital accounts or channels.

In order for us to provide you with a bounty reward for your report, we ask that you report this officially through our Bug Crowd page at https://bugcrowd.com/tesla. Upon doing so, please feel free to reference this issue and email thread.

If you have any other questions please let us know. Thanks again for your help.

Best,
The Tesla Team

I did submit the bug report and it was graded as a level 2 priority out of 5, with 1 being critical and 2 being high. The bounty level for self-reporting the bug to Tesla will be determined within 30 days.

Tesla addressed the issue of ex-employees, but not about the Gmail and Yahoo addresses that also had access to everyone’s profiles. Hopefully they fixed the profiles on those accounts as well, though I no longer have any way of verifying that.
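
The two problems described in this post, a support role that can hand out any role and privileged accounts held by outside email addresses or departed staff, can both be checked mechanically. The sketch below is an added example, not part of the original post and not Tesla's forum code; the role names, the `example-corp.test` domain, the 90-day idle limit and the sample accounts are all assumptions made up for illustration.

```python
from datetime import date

# Hypothetical policy: the roles each role is allowed to hand out.
# Anything not listed here cannot be granted by that role.
DELEGABLE = {
    "administrator": {"administrator", "customer_service", "editor", "owner", "member"},
    "customer_service": {"owner", "member"},  # support can mark owners, nothing higher
}
PRIVILEGED = {"administrator", "customer_service", "editor"}
CORPORATE_DOMAINS = {"example-corp.test"}  # assumed corporate mail domain
MAX_IDLE_DAYS = 90                         # assumed staleness threshold


def can_grant(grantor_roles, target_role):
    """True only if one of the grantor's roles explicitly delegates target_role."""
    return any(target_role in DELEGABLE.get(r, set()) for r in grantor_roles)


def grant_role(grantor, target, role):
    """Apply a grant, refusing anything outside the grantor's delegable set."""
    if not can_grant(grantor["roles"], role):
        raise PermissionError(f"{grantor['email']} may not grant {role!r}")
    target["roles"].add(role)


def audit_privileged(accounts, today):
    """Return (email, roles, reasons) for privileged accounts that need review."""
    findings = []
    for acct in accounts:
        held = acct["roles"] & PRIVILEGED
        if not held:
            continue  # ordinary members are out of scope for this audit
        reasons = []
        domain = acct["email"].rsplit("@", 1)[-1].lower()
        if domain not in CORPORATE_DOMAINS:
            reasons.append("external email domain")
        if (today - acct["last_login"]).days > MAX_IDLE_DAYS:
            reasons.append("stale login")
        if reasons:
            findings.append((acct["email"], sorted(held), reasons))
    return findings


# Constructed sample accounts (not real data).
ACCOUNTS = [
    {"email": "agent@example-corp.test", "roles": {"customer_service"}, "last_login": date(2018, 11, 10)},
    {"email": "someone@gmail.test", "roles": {"customer_service"}, "last_login": date(2018, 11, 9)},
    {"email": "former@example-corp.test", "roles": {"editor"}, "last_login": date(2017, 1, 5)},
    {"email": "buyer@yahoo.test", "roles": {"member"}, "last_login": date(2018, 11, 1)},
]
```

Run on the constructed accounts, the audit flags the outside-domain support agent and the long-idle editor, and `grant_role` lets a support agent mark someone as an owner but raises `PermissionError` on an attempt to grant `administrator`.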

Would I go through all of this again if I were still buying a new car?

I thought about that while my car was in the body shop. Tesla’s loaner car was a Mustang and while I’ve always enjoyed the pony car in the past, after driving a Tesla it felt like I was on a horse and buggy. I guess that means I am part of the Tesla cult?

Still want to own what will very likely be the most incredible car you have ever driven and roll the dice on the service? Here’s my referral code that will get you 6 months of free supercharging with your new Tesla.