Inside an Automotive Giant’s Data Leak — A Cloud Misconfiguration Lesson for AWS Users

**Executive summary:** A cloud misconfiguration at a South Asia-based automotive company exposed hard-coded AWS credentials and publicly accessible S3 buckets, allowing potential access to hundreds of buckets—including a ~70 TB data lake—containing customer personal data, invoices (PANs), database backups, and fleet telemetry; the report attributes the exposure to hard-coded keys, weak client-side encryption, over-privileged IAM roles, and lack of continuous monitoring and prescribes secrets management, least-privilege IAM, storage governance, and continuous compliance controls.