Data Breaches

Nissan source code leaked online

0

The source code of mobile apps and internal tools developed and used by Nissan North America was leaked online due to misconfiguration on one of the company’s Git servers.

According to a Swiss-based software engineer Tillie Kottmann, the leak originated from a Git server that was left exposed on the internet with its default username and password combo of admin/admin.

Kottmann came to know about the leak from an anonymous source and analyzed the Nissan data on Monday. He said that the Git repository contained the source code of:

  • Nissan NA Mobile apps
  • some parts of the Nissan ASIST diagnostics tool
  • the Dealer Business Systems / Dealer Portal
  • Nissan internal core mobile library
  • Nissan/Infiniti NCAR/ICAR services
  • client acquisition and retention tools
  • sale / market research tools + data
  • various marketing tools
  • the vehicle logistics portal
  • vehicle connected services / Nissan connect things
  • and various other backends and internal tools

The data was circulating as torrent links shared on Telegram channels and hacking forums and the Git server, a Bitbucket instance, was taken offline.

A Nissan spokesperson confirmed the incident and stated that they have taken the matter seriously and have started an investigation into it.

Image Credits : Gresham Smith

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    WhatsApp to require users to share data with Facebook

    Previous article

    SolarWinds hackers also accessed U.S. DoJ’s email server

    Next article

    You may also like

    Comments

    Leave a reply

    Your email address will not be published. Required fields are marked *