Security Analyst Charts Numerous TeslaMate Servers Exposing Tesla Vehicle Information

[Image: a map of central Europe showing location markers of exposed TeslaMate servers, with differently colored clusters marking more than one server.]

Over 1,300 hobbyist TeslaMate dashboards exposed online are leaking detailed Tesla vehicle data.

Security researcher Seyfullah Kiliç found that these Tesla owners accidentally made their private servers public. No password is required to access granular information such as location history, vehicle speed, charging habits, and trip data.

TeslaMate is an open-source self-hosted logger for Tesla vehicle stats, but if not properly secured, it spills sensitive info to anyone who finds it online.


Kiliç scraped location and Tesla model data from the public dashboards and plotted it on a map as proof.

TeslaMate users are urged to enable authentication and firewall rules immediately to stop exposure.

Kiliç told TechCrunch:

“You’re unintentionally sharing your car’s movements, charging habits, and even vacation times with the entire world.”

“The goal was to show Tesla owners and the open-source community that without basic [authentication] or firewall rules, sensitive data (GPS, charging, trips) can be leaked.”

This isn’t new. A 2022 fix limited some public access, but users still accidentally expose their dashboards online. The number of exposed TeslaMate servers has surged from dozens in 2022 to over a thousand now.

Kiliç’s advice is simple:

“If you plan to run TeslaMate on a public-facing server, you must secure it.”

Tesla owners who self-host TeslaMate should double-check their security settings—right now.
