Indian automotive giant Tata Motors has addressed a series of major security vulnerabilities that exposed confidential internal data, including customer details, dealer information, and company reports. The flaws were discovered in the company’s E-Dukaan portal, an online platform used for purchasing spare parts for Tata commercial vehicles.
According to security researcher Eaton Zveare, the exposed data included private customer information, confidential documents, and access credentials to Tata Motors’ cloud systems hosted on Amazon Web Services (AWS).
Headquartered in Mumbai, Tata Motors is a key global player in the automobile industry, manufacturing passenger, commercial, and defense vehicles across 125 countries.
Zveare revealed to TechCrunch that the E-Dukaan website’s source code contained AWS private keys that granted access to internal databases and cloud storage. These vulnerabilities exposed hundreds of thousands of invoices with sensitive customer data, including names, mailing addresses, and Permanent Account Numbers (PANs). Zveare said he avoided downloading large amounts of data “to prevent triggering alarms or causing additional costs for Tata Motors.”
The researcher also uncovered MySQL database backups, Apache Parquet files containing private communications, and administrative credentials that allowed access to over 70 terabytes of data from Tata Motors’ FleetEdge fleet-tracking software. Further inves
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: