Tata Motors confirms it fixed security flaws, which exposed company and customer data

Indian automotive giant Tata Motors addressed multiple critical security vulnerabilities that exposed sensitive internal data, including personal customer information, company reports, and dealer data. Security researcher Eaton Zveare discovered these flaws in Tata Motors’ E-Dukaan e-commerce portal for spare parts, where the web source code contained private Amazon Web Services (AWS) keys. These keys granted access to hundreds of thousands of invoices with customer details such as names, addresses, and PAN numbers, as well as MySQL backups, Apache Parquet files, and over 70 terabytes of data related to Tata Motors’ FleetEdge tracking software. Additionally, Zveare found backdoor admin access to a Tableau account with data on over 8,000 users and API access to the company's fleet management platform, Azuga. After reporting the issues to Tata Motors via India’s CERT-In in August 2023, the company confirmed to TechCrunch that all vulnerabilities were thoroughly reviewed and fully remediated within the same year. Tata Motors emphasized its commitment