On August 10th, a tweet (x-weet?) by CNBC Executive Editor Jay Yarow went viral after he said his Tesla Model X that was totaled in 2022 came back online in Ukraine and started sending his phone notifications. Someone was even logged into his Spotify account and listening to Drake. According to CNBC, Yarow discovered where the car – or its computer – was by opening up his Tesla app and using a geolocation feature.
The outlet says that after the car was totaled, it was put up for auction on Copart – which currently has over 1,600 Teslas listed for sale. The website specializes in damaged and totaled vehicles with salvage titles, much like Yarow’s former Model X. Cars with these titles cannot be legally driven on U.S. roads without major fixes, but not every country is as stringent, according to CNBC. A source tells the outlet that because of this, a lot of cars will end up on the secondary market and are then shipped overseas.
The practice has been going on for decades and accelerated with the rise of digital auctions, according to Steven Lang, an auctioneer and founder of used car marketplace 48 Hours And A Used Car.
“Starting in the Y2K era, the digital auction site took over. So now you can have someone in Ukraine bidding on it. And then someone else from Norway bidding on it … and you haven’t even touched an American border or an American bidder,” said Lang, who has been in the vehicle auction business for more than 24 years.
“Virtually all of the vehicles that are totaled will end up at a salvage auction,” he said.
One online auction website that specializes in such sales estimated the winning bid for the vehicle would be between $27,400 and $29,400. A final sale price was not immediately known. Neither the salvage yard nor Copart immediately responded for comment about the vehicle and who bought it.
CNBC reports that Tesla staff told Yarow he should disconnect the now-Ukrainian Model X from his account. However, the automaker did not tell him how he was supposed to obtain the new owner’s information since he wasn’t the one who sold the car.
After Yarow’s post took off, users on X (good lord that sounds dumb) wanted to know why this was happening and if it was a security risk. Intrepid reporters at CNBC reached out to Ken Tindell at an automotive security firm called Canis Labs to see what the deal was.
He explained in an email to CNBC, “The credentials to internet services are clearly left in the vehicle electronics and then can be used by whoever gets hold of the electronics.” He added, “In general it’s possible to get data out of working electronics — it’s merely a question of how much effort that takes.”
This is far from a Tesla-specific issue, he said. Cars, like laptops, smartphones, and even refrigerators and TVs, are now internet-connected devices that can store personal data.
“I think it needs to be more widely understood by dealers and owners that there is this issue of private data within the vehicle,” Tindell said.
Anyway, I won’t give too much else away. You really should head over to CNBC and read all about how a crashed Tesla Model X ended up in Ukraine.
