Nissan’s source code was leaked through a Git server, exposing digital assets such as mobile apps, research, tools, and other valuable company data, Cimpanu reports on ZDNET.
In a recent security breach at Nissan North America, the well-known car company’s digital assets were exposed through a misconfigured Git server, which resulted in the loss of useful and confidential company data.
NEW: The source code of mobile apps and internal tools developed and used by Nissan North America has leaked online after the company misconfigured one of its Git servers, a BitBucket instance, which allegedly used admin/admin as its login credentials https://t.co/BkRek4u6Lz pic.twitter.com/MqM6pMBWKh
— Catalin Cimpanu (@campuscodi) January 6, 2021
The Source of the Nissan Source Code Leak Is None Other Than Nissan Itself
One would assume that a team of highly skilled hackers breached the company’s security, but the real story is different. In an interview published on ZDNet, Swiss-based software engineer Tillie Kottmann stated that the data leak originated from a misconfigured Git server belonging to the company.
According to Kottmann, the company’s Git server was reset to its default username and password combination of “Username: admin, Password: admin”, which left the whole Git server open to the internet.
As soon as word of the leak spread, the Git instance and its data were downloaded by torrent users, and illegal torrents started circulating in hacking forums, Telegram channels, and torrent websites.
Kottmann, when talking with ZDNet, reported that he came to know about the leak from an anonymous source. Nevertheless, he started investigating the leak as well as the data as soon as he received the information.
The Swiss researcher and software engineer Tillie Kottmann also pointed out a similar misconfiguration made by Mercedes on its GitLab server back in May 2020. After investigating the vulnerability Kottmann pointed out, Mercedes even tipped the Swiss engineer as thanks. Kottmann accepted the tip and removed all the server data, just as Mercedes requested.
What Kind of Data Was Leaked?
Upon investigating the leaked Git instance of Nissan North America, the Swiss engineer confirmed that the following data had been compromised:
- Nissan NA Mobile Apps
- Nissan’s internal core mobile library
- Dealer Portal (and Business System)
- Nissan NCAR/ICAR
- Sales and marketing research tools and data
- Nissan connect things
- Nissan ASIST (a diagnostics tool)
Nissan conducted an immediate investigation regarding improper access to proprietary company source code. We take this matter seriously and are confident that no personal data from consumers, dealers, or employees were accessible during this security incident. The affected system has been secured, and we are confident that there is no information in the exposed source code that would put consumers or their vehicles at risk.
The Public Didn’t Like What Nissan was Up To
When tech enthusiasts learned what Nissan North America was up to, they made some harsh statements. For instance, some people on Twitter criticized Nissan’s approach of using other departments’ resources to scrape web data for marketing purposes. One person suggested that Nissan build a dedicated API to exchange data between departments.
The leak shows that Nissan’s tech department needs improvement, and it can do better by hiring the right people and taking the right approach to data scraping tools. As for the hack, the data has been compromised, but the right people have looked into the vulnerabilities and intend to keep it secure in the future.