NewsCompanySecurity & VulnerabilityTech

Misconfigured of a Git Server Leads to the Leak of Nissan North America Source Code

Owing to the mal-configuration of a business Git server, the Nissan North American source code was leaked online and was released with the default username and admin/admin password. 

Tillie Kottmann, Software Engineer, heard about the leak from an anonymous source and analyzed data she shared with ZDNet. 

The repository reportedly contained Nissan NA mobile apps, parts of the Nissan ASIST diagnostics tool, Nissan’s internal core mobile library, Dealer Business Systems and Dealer Portal, client acquisition and retention tools, market research tools and data, vehicle logistics portal, vehicle connected services, and various other back ends and internal tools, she reports.

Misconfigured of a Git Server Leads to the Leak of Nissan North America Source Code 2
Image source: www.twitter.com

The repository has since been brought down but is making rounds on various Telegram channels and hacker forums shared via torrent links. Nissan has since responded to the disclosure and is investigating.

When ZDNet Reached out for comment, a Nissan spokesperson confirmed the incident.

“Nissan conducted an immediate investigation regarding improper access to proprietary company source code. We take this matter seriously and are confident that no personal data from consumers, dealers or employees was accessible with this security incident. The affected system has been secured, and we are confident that there is no information in the exposed source code that would put consumers or their vehicles at risk,” the Nissan rep told ZDNet in an email.

Swiss researchers who had previously discovered exposed source code owned by Mercedes-Benz ( which leaked the source code of various Mercedes Benz apps and tools) announced that they had received a tip to exposed source code belonging to automobile maker Nissan.

Mercedes eventually admitted to the leak, and Kottmann, who was hosting the leaked data, also removed it from their server at the company’s request.

Tags

Drashti

Drashti is a free-spirited TheDigitalHacker contributor, who loves writing stories and listening to music. She loves learning and exploring new languages and cultures, and makes sure to click a picture of the same for her Memoir.
Back to top button
Close
Close