The Tesla Model 3, the much-anticipated $35,000-starting priced electric car from the Elon Musk-owned company, is a thoroughly modern, decently-reviewed car that’s turning out to be fairly popular in the US. In fact, according to The Drive, an automotive news and reviews site, one of them was stolen at the Mall of America in Bloomington, Minnesota recently, and not through conventional means.

The publication reports that the car was stolen through some customer support trickery. Phoning Tesla’s customer support, he somehow managed to get the model vehicle’s unique vehicle identification number (VIN) sent to his own smartphone. Once he did so, he could unlock it and drive it away, no key required.

Disabling GPS tracking on the car, it initially looked as if the thief had got away with his sneaky crime. However, the savvy owner of the Tesla managed to follow the car’s location through its Supercharging points, which was handed over to authorities. Eventually, the car and perpetrator were found in Waco, Texas, around 1,600 kilometers (1,000 miles) from the starting point.

This wasn’t a smartphone hack, remember. This was all thanks to the fact that the thief managed to get his hands on the VIN, which is a PIN for your Tesla. This 17-digit-long code tells people who manufactured the car, what make and body type it has, what battery type it contains, where it was made, and so on.

The VIN can be found on a range of places, including within the car. The original window sticker apparently displays it, as does the metal plate on the dash, which according to this site is visible from the outside of the car, via the bottom of the window on the drivers’ side.

With that in mind, the theft makes more sense. Chat on the forums of Y Combinator suggests the thief clocked this VIN, which he then used to identify himself as the possible owner of the car via customer service. Using his now-authenticated smartphone, he unlocked the Model 3 using Bluetooth and drove away.

At least, that’s the thinking. Specific details aren’t available at this point, but it seems like this is a plausible explanation. It also suggests that perhaps the VIN shouldn’t be quite so visible from outside of the car. This definitely wasn’t a computer hack that puts every Tesla Model 3 owner at risk, but there should be some raised eyebrows at Tesla for what seemed like a surprisingly easy breach.