The source code of mobile apps and internal tools developed and used by Nissan North America was leaked online due to misconfiguration on one of the company’s Git servers.
According to a Swiss-based software engineer Tillie Kottmann, the leak originated from a Git server that was left exposed on the internet with its default username and password combo of admin/admin.
Kottmann came to know about the leak from an anonymous source and analyzed the Nissan data on Monday. He said that the Git repository contained the source code of:
- Nissan NA Mobile apps
- some parts of the Nissan ASIST diagnostics tool
- the Dealer Business Systems / Dealer Portal
- Nissan internal core mobile library
- Nissan/Infiniti NCAR/ICAR services
- client acquisition and retention tools
- sale / market research tools + data
- various marketing tools
- the vehicle logistics portal
- vehicle connected services / Nissan connect things
- and various other backends and internal tools
The data was circulating as torrent links shared on Telegram channels and hacking forums and the Git server, a Bitbucket instance, was taken offline.
A Nissan spokesperson confirmed the incident and stated that they have taken the matter seriously and have started an investigation into it.
Image Credits : Gresham Smith