Nissan source code leaked online after Git repository misconfigured

by



[ad_1]

nissan-logo.jpg

Image: Daniel Demers

Source code for mobile apps and internal tools developed and used by Nissan North America was leaked online after the company misconfigured one of its Git servers.

The leak comes from a Git server that was left exposed on the internet with its combined default username and password from admin / admin, Tillie Kottmann, a software engineer based in Switzerland, said ZDNet in an interview this week.

Kottmann, who learned of the leak from an anonymous source and analyzed Nissan data on Monday, said the Git repository contained source code for:

  • Nissan NA mobile apps
  • some parts of Nissan ASIST diagnostic tool
  • the Dealer Business Systems / Dealer Portal
  • Nissan Internal Core Mobile Library
  • Nissan / Infiniti NCAR / ICAR Services
  • customer acquisition and retention tools
  • sales / market research tools + data
  • various marketing tools
  • the portal for vehicle logistics
  • connected vehicle services / Nissan connect Things
  • and various other backends and internal tools
nissan-content.png

Image: ZDNet

Nissan investigates the leak

The Git server, an instance of Bitbucket, was taken offline yesterday after data began flowing in the form of torrent links shared on Telegram channels and hacking forums on Monday.

Asked for comment, a Nissan spokesperson confirmed the incident.

“We are aware of a complaint regarding improper disclosure of Nissan’s confidential information and source code. We take this type of issue seriously and are investigating,” said the Nissan representative. ZDNet in an email.

Swiss researchers received advice on Nissan’s Git server after finding an equally misconfigured GitLab server in May 2020 that leaked the source code for various Mercedes Benz apps and tools.

Mercedes eventually admitted to the leak, and Kottmann, which hosted the leaked data, also deleted it from their server at the company’s request.



[ad_2]

Source link