Tata Motors has fixed multiple security loopholes that had exposed sensitive customer information and internal company data online. The issues, discovered by cybersecurity researcher Eaton Zveare, were found in the automaker’s E-Dukaan platform, a digital storefront for ordering spare parts for Tata’s commercial vehicles.
According to Zveare’s findings shared with TechCrunch, the E-Dukaan web app contained hardcoded private keys for Tata Motors’ Amazon Web Services (AWS) account. This misstep potentially gave anyone access to the company’s cloud storage, where large volumes of confidential data were stored.
Among the exposed information were hundreds of thousands of invoices, complete with customer names, addresses, and even Permanent Account Numbers (PANs). The leak also included database backups, internal documents, and communication files.
Even more alarming was the access to over 70 terabytes of data related to Tata’s FleetEdge vehicle tracking software — the same system that collects live data from commercial vehicles. Zveare also found administrator-level credentials for a Tableau analytics dashboard that contained reports on more than 8,000 users, including internal performance and financial data.
Zveare reported the vulnerabilities to CERT-In, India’s nodal cybersecurity agency, in August 2023. Tata Motors later confirmed that it had taken action to fix the issues and secure the data. “All vulnerabilities were addressed by the end of 2023,” the company told TechCrunch, though it did not specify if affected users were notified.
Sudeep Bhalla, Head of Communications at Tata Motors, said the company now conducts regular third-party audits and continuously monitors its systems for suspicious activity.
The incident is another reminder of how even legacy giants are not immune to cloud misconfigurations. In an increasingly digital India, where automotive, financial, and retail services are rapidly moving online, data security isn’t just an IT concern — it’s a brand trust issue.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
