Tata Motors Leak Exposes 70TB via AWS Key Flaws

Tata Motors Leak Exposes more than 70 terabytes of customer and operational data due to critical flaws in the company’s cloud infrastructure. Security researcher Eaton Zveare found hardcoded AWS access keys embedded in Tata’s E-Dukaan platform, giving unrestricted access to cloud storage buckets containing sensitive customer records, market data, and financial documents.

The exposed credentials unlocked database backups, order reports, and Indian PAN numbers, raising concerns over the automaker’s data handling practices. Another instance of the Tata Motors Leak Exposes flaw was found in the FleetEdge system, where encrypted AWS keys were easily decrypted, granting access to decades of fleet data and enabling possible malware uploads.

Additionally, E-Dukaan’s code included a backdoor to internal Tableau dashboards, bypassing authentication controls. Despite reporting the issues to India’s CERT-In in August 2023, Tata Motors delayed remediation until January 2024 without public disclosure.

Read the full official news article at:

Tata Motors Data Leak – 70+ TB of Sensitive Info and Test Drive Data Exposed via AWS Keys