Mini Big Hype
Image default
Business Tech

North America Gitcimpanuzdnet, Cimpanu on Zdnet Reports Nissan (North America) Source Code Leaked

Nissan’s source code was leaked via a Git server which compromised their digital assets such as mobile app, research, tools, and the company’s valuable data, Cimpanu reports on ZDNET.

In a recent security breach (North America Gitcimpanuzdnet) on Nissan North America’s git server, the widely acknowledged car company’s digital assets were breached via a misconfigured git server which resulted in the loss of useful and confidential company data.

Contents

The Leak Behind Nissan Source Code is No One But Nissan Itself

One would assume that it was a team of high-skilled hackers who breached the company’s security, but the real story tells otherwise. In an interview with a Swiss-based software engineer, Tillie Kottmann, published on ZDNet, the engineer stated that the data leak originated via a misconfigured git server of the company.

The Leak Behind Nissan Source Code is No One But Nissan Itself
Image: Tillie Kottmann (sueddeutsche)

According to Kottmann, the company’s git server was reset to its default username and password combination of “Username: admin, Password: admin”, this way, the whole Git server was left “opened” for the internet.

As soon as the internet knew about the leak North America Gitcimpanuzdnet, the Git instance and its data were downloaded by torrentors and the illegal torrents started circulating in hacking forums, Telegram channels, and torrent websites. 

Kottmann, when talking with ZDNet, reported that he came to know about the leak from an anonymous source. Nevertheless, he started investigating the leak as well as the data as soon as he received the information.

It is noted that the Swiss researcher and software engineer Tillie Kottmann also pointed out a similar misconfiguration made by Mercedes on their GitLab server back in May 2020. Upon investigating the vulnerability pointed out by Kottmann, Mercedes even tipped the swiss engineer as thanks. Kottmann was generous enough to receive the tip and removed all the server data, just as Mercedes requested. 

What Kind of Data Was Leaked?

Upon investigating the leaked Git instance of Nissan North America, the Swiss engineer confirmed that the following data had been compromised:

  • Nissan NA Mobile Apps
  • Nissan’s internal core mobile library
  • Dealer Portal (and Business System)
  • Nissan NCAR/ICAR
  • Sales and marketing research tools and data
  • Nissan connect things
  • Nissan ASIST (a diagnostics tool)
These are just the notable instances; much more data was leaked than we wrote above. To comment on the leak, a Nissan spokesperson responded to ZDNet and made the following statement:

:

What Kind of Data Was Leaked in north america gitcimpanuzdnet

Nissan conducted an immediate investigation regarding improper access to proprietary company source code. We take this matter seriously and are confident that no personal data from consumers, dealers, or employees were accessible during this security incident. The affected system has been secured, and we are confident that there is no information in the exposed source code that would put consumers or their vehicles at risk.

The Public Didn’t Like What Nissan was Up To

When the tech geeks came to know what Nissan North America was up to, they made some really harsh statements. For instance, some tech people on Twitter criticized Nissan’s approach of using other departments’ resources to scrape web data for marketing purposes. One person actually offered Nissan to make a dedicated API to exchange data between departments.

The Public Didn’t Like What Nissan was Up To

The leaks show that Nissan’s tech department needs improvement, and they can do better by hiring the right people and taking the right approach when it comes to using data scraping tools. As for the hack, the Data has been compromised, but the right people have looked into the vulnerabilities and are looking forward to keeping it secure for future endeavors.

Trending Read:

Equifax Makes a Big Move: An Investment of $640M in AI-driven Fraud Prevention, Equifax Kount AI ID 640m Equifax

Related posts

Learning HDR Photography: 6 Steps on How To Make Effective HDR Photos

admin

Can You Connect 2 USB Cables Together?

admin

Is EDP Services A Good Career Path?

Salman Ahmad Siddiqui

Leave a Comment