TuneIn hacked my credit card

[JayElDee]

TESLA NEEDS TO FIX THIS NOW
I've had my MYLR for nearly a year and now I have another reason to HATE the so-called "entertainment" system. Love the car except for this and for me it is an Achilles heel.
It is incredibly needlessly complex and cluttered and, it seems, cannot be addressed in any user configurable way, like an iPad or a smartphone. Why?

I have to live with icons for MSNBC, Garth Brooks greatest hits and about a million other icons on multiple pages with headings like "Recent" and "For You" and "Stuff You Would Delete If Possible." There is NO user configurable page and For You doesn't count.
TuneIn is amazingly primitive. The display on my Honda Accord is FAR better, but as I said I now have a new reason to hate it.

Another user suggested that if I log in on my phone to TuneIn I can configure my screen.
If you log in to TuneIn on the Tesla display a QR code comes up that takes you to the TuneIn webpage to log in. Even though there is a free version, they still ask for a credit card for verification. Yes, sketchy...I thought only porn sites did that.
I tried two Capital One venture VISA cards multiple times and every time I got the message that they were "sorry" my cards were not acceptable for their system. It wasn't that they couldn't verify or there was an absent field, but more like Captial One Venture cards were just not accepted. Hmmm, sketchier yet, so, foolishly, I tried my wife's USAA VISA. This one got farther but still asked me repeatedly to "update my card info" and would go no farther.
Screw that. I gave up.
Within about 5 minutes, my wife was getting a call from USAA abut her VISA card, the one I just used, questioning a charge. I told her that was me and explained. She said the USAA rep reported the charge to be $39.99. Huh? For what? An "escort service" in DC.
So, not only is the display user hostile, but one of its major functions is stealing and selling credit card information.

 

[father_of_6]

A premium account at TuneIn.com is $9.99 per month. A bit of googling, there appear to be third-parties offering discounts on an annual subscription for $39.99... might you have tried to purchase from one of them?

I suspect you gave your payment info to an illegitimate third-party.

 

[Kairide]

Huh? You lost me at porn sites and escorts.
The important question is, what “service” can you get in DC for $39.99?

 

[JulienW]

So Tesla engineers "need to fix" the internet in their spare time?

 

[derotam]

Not much of a "hack" if you GAVE them your credit card info..wait THREE credit cards.

Devils advocate now... IF the website where the OP entered the credit card info was a Scam/Fraudulent website, then where did it come from? The OP says there was a QR code in the Tesla when they went to log in to the TuneIn account and they went to the site that was coded in the QR code...So now where did that QR code come from? Was it from the TuneIn API that Tesla is using or is it something coded by Tesla? I would assume it is from the TuneIn API... In either case, IF the site where the OP put in their credit card info was a fradulent/scam site, then it should be reported to Tesla...and Tesla would/should do something about it on their end.

 

[JayElDee]

Ok, let me spell this out more clearly. If one tries to sign up for TuneIn on the display in the car a QR code comes upis displayed. Take a picture of it and you are sent to the TuneIn website that describes the services offered by TuneIn. One of the services is a free account; there are others. I chose the free account. In order to sign up for the free account a credit card is needed "for verification." This was the QR code that the Tesla display showed. Yes, I put my credit card info in, as one would for any reputable online service, assuming TuneIn is one. Within minutes, one card number was stolen and used. Within a couple of hours the two other cards were used fraudulently. Fortunately USAA and Cap One recognized declined, alerting us.
A fraudulent link displayed on a OEM Tesla screen for a service that is included in the Tesla software is definitely something they would need to know about. This was a link given to me by Tesla/TuneIn and it directly led to 3 credit cards being stolen.

 

[JayElDee]

Not much of a "hack" if you GAVE them your credit card info..wait THREE credit cards.

Devils advocate now... IF the website where the OP entered the credit card info was a Scam/Fraudulent website, then where did it come from? The OP says there was a QR code in the Tesla when they went to log in to the TuneIn account and they went to the site that was coded in the QR code...So now where did that QR code come from? Was it from the TuneIn API that Tesla is using or is it something coded by Tesla? I would assume it is from the TuneIn API... In either case, IF the site where the OP put in their credit card info was a fradulent/scam site, then it should be reported to Tesla...and Tesla would/should do something about it on their end.

exactly, thank you

 

[JayElDee]

Tried to contact TuneIn, they don't open until 8a PDT. They have not yet responded to my email alerting them of fraudulent activity on their website, sent last night.
Called Tesla. They were VERY interested in this, kicked it up to supervisor or higher level. Tesla said the QR code was provided to them from TuneIn, but recognized it was facilitated, at least, by Tesla and said it was something they needed to look at now and are doing so, thanking me for the alert.

 

[derotam]

Ok just went out to my car and looked at this in a limited manor because I don't want to change the current operation of my stuff...

The QR code looks legit. It does go to the tune in website.
The QR code looks like it might be directly keyed to your vehicle(which is why I didn't go very far and change the current operation of my car)

I am going to say there is no fraud(per se) and there is nothing wrong with what Tesla is doing. I think your issue is with TuneIn and with TuneIn ONLY in their accounts process. At this point whether they messed up or you messed up somehow or a combination of both is up in the air with me.

Bottom line, your issue is with TuneIn and TuneIn only.

 

[CapsEngineer]

Ok just went out to my car and looked at this in a limited manor because I don't want to change the current operation of my stuff...

The QR code looks legit. It does go to the tune in website.
The QR code looks like it might be directly keyed to your vehicle(which is why I didn't go very far and change the current operation of my car)

I am going to say there is no fraud(per se) and there is nothing wrong with what Tesla is doing. I think your issue is with TuneIn and with TuneIn ONLY in their accounts process. At this point whether they messed up or you messed up somehow or a combination of both is up in the air with me.

Bottom line, your issue is with TuneIn and TuneIn only.

Based on this, it sounds similar to the recent Maryland license plate issue where someone didn't maintain their ownership of a website.

Maryland License Plates Accidentally Promote a Filipino Gambling Website

It all started when the state's plates listed a website about the War of 1812—but the site changed hands, leaving nearly a million drivers inadvertently advertising gambling.

www.caranddriver.com

 

[GeorgeC1]

Tesla is a absolutely involved in this and needs to get that QR codes out of the cars ASAP. They are providing a link to a fraudulent website. They have been made aware of that fact. They can fix it or any court will hold them liable for damages.

 

[derotam]

Tesla is a absolutely involved in this and needs to get that QR codes out of the cars ASAP. They are providing a link to a fraudulent website. They have been made aware of that fact. They can fix it or any court will hold them liable for damages.

It is not a fraudulent website, its TuneIn effing up their billing.

 

[Ronald Lyster]

I drive a 2023 Model Y. I subscribed to Tidal several months ago, and have been enjoying it. All worked well when I left for vacation 2 weeks ago. When I returned yesterday, I was asked to login to Tidal. To do so, the Tesla screen gave me this QR Code that directs you to a site at "fanjestic.com":

I followed these instructions and was asked a number of questions (name, address, etc.) to sign up for a "free account." It didn't like the credit cards I tried to use (lucky me). Chase Bank later warned me that this charge could be fraudulent, so I cancelled my card and am getting another one.
The "free account" is only free for 5 days and then they start charging for a "membership." For what I do not know - all I want to do is get Tidal back on my Tesla.

Anyone else have this issue? Can a Tesla screen suffer from malware and viruses?

 

[cgell]

I drive a 2023 Model Y. I subscribed to Tidal several months ago, and have been enjoying it. All worked well when I left for vacation 2 weeks ago. When I returned yesterday, I was asked to login to Tidal. To do so, the Tesla screen gave me this QR Code that directs you to a site at "fanjestic.com":
View attachment 968621
I followed these instructions and was asked a number of questions (name, address, etc.) to sign up for a "free account." It didn't like the credit cards I tried to use (lucky me). Chase Bank later warned me that this charge could be fraudulent, so I cancelled my card and am getting another one.
The "free account" is only free for 5 days and then they start charging for a "membership." For what I do not know - all I want to do is get Tidal back on my Tesla.

View attachment 968624
Anyone else have this issue? Can a Tesla screen suffer from malware and viruses?

I just checked the QR code (took a screenshot of your QR code and scanned it) and it goes to the correct tidal page. It's not the vehicle. I believe what you are experiencing is that your device (phone, computer, etc) or network was hacked or is somehow redirecting to a fraudulent page. Check for viruses and clear your history. Good luck.

 

[Ronald Lyster]

It worked. Thank you. Never expected a virus to manifest on my Tesla screen. I cleaned all temporary files and Chrome browsing history; ran an antivirus program; rebooted; scanned the QR code and this time it worked.

 

[swaltner]

BTW, it looks like some Polestar owners are seeing similar behavior.

Is TuneIn no longer free?

Today TuneIn won’t let me play any of my saved stations and is asking me to login. I don’t have an account, but when I scan the QR code in AAOS, it automatically takes me to a premium sign up page. I don’t see a free option and I have little interest in paying $100/year. I’ve been listening...

www.polestar-forum.com

 

[dusty22]

ran an antivirus program; rebooted; scanned the QR code and this time it worked.

Interesting, what antivirus program do you use to scan the Tesla browser?

 

[derotam]

It worked. Thank you. Never expected a virus to manifest on my Tesla screen. I cleaned all temporary files and Chrome browsing history; ran an antivirus program; rebooted; scanned the QR code and this time it worked.

You mean to say you did all that on your phone and then it worked, right? Any issue was with your phone, not the Tesla screen, as others had no problem with the code you originally provided. Just want to be clear here.

 

[cgell]

Interesting, what antivirus program do you use to scan the Tesla browser?

You don't need to scan the Tesla for viruses. That's not where the issue is. If you have this issue it is on your device that you are using to visit the QR link.

 

[dusty22]

You don't need to scan the Tesla for viruses. That's not where the issue is. If you have this issue it is on your device that you are using to visit the QR link.

Well, the way Ronald Lyster worded his post, it sounds like he did just that...

Never expected a virus to manifest on my Tesla screen. I cleaned all temporary files and Chrome browsing history; ran an antivirus program; rebooted; scanned the QR code and this time it worked.