Tesla paid a large bug bounty for a blind-XSS vulnerability in one of its backend apps that allowed gleaning vital statistics about a vehicle. A hacker and web application security researcher, also an owner of a Tesla 3, found the bug by chance after trying to test its defenses against various attacks. The vulnerability was a Tesla subdomain that offered access to current information about the car, which included speed, temperature, firmware version, tire pressure, local timezone, and lock state. The company acknowledged the bug and rolled out a hotfix within about half a day.
Source: https://www.bleepingcomputer.com/news/security/cracked-tesla-3-windshield-leads-to-10-000-bug-bounty/

