Source code belonging to Nissan North America was leaked online owing to the misconfiguration of a company Git server, which was left exposed with the default username and password of admin/admin.
Tillie Kottmann, a software engineer, heard about the leak from an anonymous source and analyzed the data, which she shared with ZDNet.
The repository reportedly contained Nissan NA mobile apps, parts of the Nissan ASIST diagnostics tool, Nissan’s internal core mobile library, Dealer Business Systems and Dealer Portal, client acquisition and retention tools, market research tools and data, vehicle logistics portal, vehicle connected services, and various other back ends and internal tools, she reports.
The repository has since been taken down, but the data is making the rounds on various Telegram channels and hacker forums, shared via torrent links. Nissan has since responded to the disclosure and is investigating.
When ZDNet reached out for comment, a Nissan spokesperson confirmed the incident.
“Nissan conducted an immediate investigation regarding improper access to proprietary company source code. We take this matter seriously and are confident that no personal data from consumers, dealers or employees was accessible with this security incident. The affected system has been secured, and we are confident that there is no information in the exposed source code that would put consumers or their vehicles at risk,” the Nissan rep told ZDNet in an email.
Swiss researchers who had previously discovered exposed source code owned by Mercedes-Benz (which leaked the source code of various Mercedes-Benz apps and tools) announced that they had received a tip about exposed source code belonging to automobile maker Nissan.
Mercedes eventually admitted to the leak, and Kottmann, who was hosting the leaked data, also removed it from their server at the company’s request.