Nissan source code leaked online after Git repo misconfiguration

Jan 7, 2021


 

Nissan was allegedly running a Bitbucket Git server with the default credentials of admin/admin.

 

 

The source code of mobile apps and internal tools developed and used by Nissan North America has leaked online after the company misconfigured one of its Git servers.

The leak originated from a Git server that was left exposed on the internet with its default username and password combo of admin/admin, Tillie Kottmann, a Swiss-based software engineer, told ZDNet in an interview this week.

Kottmann, who learned of the leak from an anonymous source and analyzed the Nissan data on Monday, said the Git repository contained the source code of:

  • Nissan NA Mobile apps
  • some parts of the Nissan ASIST diagnostics tool
  • the Dealer Business Systems / Dealer Portal
  • Nissan internal core mobile library
  • Nissan/Infiniti NCAR/ICAR services
  • client acquisition and retention tools
  • sale / market research tools + data
  • various marketing tools
  • the vehicle logistics portal
  • vehicle connected services / Nissan connect things
  • and various other backends and internal tools

 

 

 

 

 


 

NISSAN IS INVESTIGATING THE LEAK

 

The Git server, a Bitbucket instance, was taken offline yesterday after the data started circulating on Monday in the form of torrent links shared on Telegram channels and hacking forums.

Reached for comment, a Nissan spokesperson confirmed the incident.

“We are aware of a claim regarding a reported improper disclosure of Nissan’s confidential information and source code. We take this type of matter seriously and are conducting an investigation,” the Nissan rep told ZDNet in an email.


 

The Swiss researchers received a tip about Nissan’s Git server after they found a similarly misconfigured GitLab server in May 2020 that leaked the source code of various Mercedes Benz apps and tools.

Mercedes eventually admitted to the leak, and Kottmann, who was hosting the leaked data, also removed it from their server at the company’s request.

 

Source: www.zdnet.com

 

 