Tata Motors, the Indian automotive giant, has swiftly responded to security vulnerabilities that inadvertently exposed internal data, customer information, and dealer details. The flaws were discovered by security researcher Eaton Zveare within Tata Motors’ E-Dukaan unit, an e-commerce platform for purchasing spare parts for Tata-made commercial vehicles. Zveare uncovered that the portal’s source code contained private keys providing unauthorized access to Tata Motors’ account on Amazon Web Services, potentially compromising sensitive data.
The exposed data included invoices with customer details like names, addresses, and PAN numbers, unique identifiers issued by the Indian government. Despite the discovery, Zveare ensured no large data breaches occurred. Additionally, MySQL database backups and Apache Parquet files containing private customer information were accessible using the compromised keys. Moreover, over 70 terabytes of data related to Tata Motors’ FleetEdge fleet-tracking software was at risk, alongside admin access to a Tableau account with data from 8,000 users.
This incident underscores the critical importance of robust cybersecurity measures for companies dealing with sensitive data, urging organizations to prioritize thorough security assessments and prompt issue resolution to safeguard customer and internal information.
Source: TechCrunch