The famous Indian car company Tata Motors has just confirmed that it has fixed a series of serious security vulnerabilities, exposing sensitive data of the company and customers.
The incident was discovered by security researcher Eaton Zveare at E-Dukaan, an e-commerce portal that specializes in providing accessories for Tata commercial vehicles.
Zveare said that the portal's web source code contains separate locks that allow access and editing data on Amazon Web Services (AWS), thereby revealing hundreds of thousands of invoices with personal information such as the customer's name, address, fixed account number and PAN code.
There are also database Backup MySQL, Apache Parquet, APIs and data from fleet management platforms fleetEdge and Azuga.
The researchers confirmed that they have not committed any large-scale data mining, in order to avoid causing damage to Tata Motors.
However, quyen quyen quyen quyen quyen allow in-depth access to internal financial reports, agency scores and other sensitive information.
Zveare reported the problem to Tata Motors via CERT-In in August 2023.
Tata Motors confirmed that all security issues have been resolved, but it is unclear whether the information will be notified to affected customers.
Sudeep Bhalla, communications director of Tata Motors, emphasized: Our infrastructure is periodically inspected by reputable cybersecurity companies. We maintain a log of access and work with security experts to minimize potential risks.
This incident once again shows the importance of cybersecurity monitoring in the auto industry, especially as customer and business data becomes an increasingly popular attack target.
Tata Motors is committed to improving security, protecting sensitive information and strengthening customer trust globally.
