
"Zveare said he found that the portal's web source code included the private keys to access and modify data within Tata Motors' account on Amazon Web Services, the researcher said in a blog post. The exposed data, Zveare told TechCrunch, included hundreds of thousands of invoices containing customer information, such as their names, mailing addresses, and permanent account number (PAN), a 10-character unique identifier issued by the Indian government."
"'Out of respect for not causing some type of alarm bell or massive egress bill at Tata Motors, there were no attempts to exfiltrate large amounts of data or download excessively large files,' the researcher told TechCrunch. There were also MySQL database backups and Apache Parquet files that included various bits of private customer information and communication, the researcher noted. The AWS keys also enabled access to over 70 terabytes of data related to Tata Motors' FleetEdge fleet-tracking software."
"Zveare also found backdoor admin access to a Tableau account, which included data of over 8,000 users. 'As server admin, you had access to all of it. This primarily includes things like internal financial reports, performance reports, dealer scorecards, and various dashboards,' the researcher said. The exposed data also included API access to Tata Motors' fleet management platform, Azuga, which powers the compa"
Tata Motors' E-Dukaan e-commerce portal contained exposed AWS private keys in its web source code, enabling unauthorized access to company cloud resources. The exposed assets included hundreds of thousands of invoices with customer names, mailing addresses, and PAN numbers, MySQL backups, and Apache Parquet files containing private customer information and communications. The keys provided access to over 70 terabytes of FleetEdge fleet-tracking data and admin access to a Tableau account with data for over 8,000 users. The exposure also included API access to the Azuga fleet management platform and internal financial and dealer reports.
Read at TechCrunch