In 2023, vulnerabilities in Tata Motors’ systems exposed over 70 terabytes of sensitive data, including personal customer details and financial information. Ethical hacking uncovered hardcoded AWS access keys on the E-Dukaan platform, enabling unauthorized access to cloud storage buckets. The disclosed weaknesses raise concerns about data safety in major automakers.
Among the exposed data were admin order reports totaling 40 GB and sensitive customer details like names and addresses. Issues extended to Tata’s FleetEdge system, where encrypted AWS keys could be decrypted via client-side code, allowing access to substantial fleet data. Further weaknesses included a backdoor in E-Dukaan that enabled passwordless admin access to internal data and exposed APIs jeopardizing fleet management. Despite reporting these problems to India’s CERT-In on August 8, 2023, remediation was delayed, raising transparency concerns regarding Tata Motors’ data handling practices.
👉 Pročitaj original: Cyber Security News
