Nissan source code leaked through misconfigured server

The source code of several Nissan North America applications and services has been leaked due to a misconfiguration of the company's Git server.

The leak originated from a Git server (a Bitbucket instance) that was left exposed on the Internet with the default username and password combination (admin / admin), according to statements from Tillie Kottmann, a software engineer based in Switzerland, who analyzed the Nissan data breach.

Among the data stored in the repository was the source code for Nissan's mobile applications, parts of the Nissan ASIST diagnostic tool, Nissan Connect Things, Infiniti NCAR, ICAR services, along with other assets such as sales tools, customer acquisition and retention tools, market research data, and the vehicle logistics portal. All of this sensitive information was exposed on Monday, January 4th.

The vulnerable server was taken offline on Tuesday, as soon as Nissan was alerted to the security issue, but by that point the leaked data was already being shared across the Internet through P2P networks, Telegram, forums, the deep web, …


Contents of the torrent file with the leaked data. Source: zdnet.com

Nissan North America has confirmed the security incident. A spokesperson stated that an investigation has been launched into the disclosure of this confidential information and that the process of requesting its removal from the sites sharing it has been initiated.

This is not the first time a similar situation has occurred and, unfortunately, it will not be the last: in May of last year, the source code of several Mercedes-Benz applications and tools was leaked due to a similarly misconfigured GitLab server.

More information:
Nissan Source Code Leaked via Misconfigured Git Server
https://www.darkreading.com/risk/nissan-source-code-leaked-via-misconfigured-git-server/d/d-id/1339845

Nissan source code leaked online after Git repo misconfiguration
https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration/

Tillie Kottmann
https://twitter.com/antiproprietary/status/1346238588476915713
