Source code of Nissan's confidential information leaked to the Internet



It turned out that the source code of the in-house tool used for the development of Nissan North America, Nissan's North American corporation, was leaked to the Internet.

Nissan source code leaked online after Git repo misconfiguration | ZDNet
https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration/



Swiss-based software engineer Tiri Cotman first reported the source code leak. Mr. Cotman learned from an anonymous source that the Nissan source code is stored on the Git server in the default state of user name 'admin' and password 'admin'.



When Mr. Cotman actually accessed it, the following source code was included in the Git repository.

・ Nissan North America mobile app
・ Part of Nissan Assist Diagnostic Tool
・ Dealer's business system / dealer portal
・ Nissan's internal core mobile library
・ Nissan Infiniti NCAR / ICAR service
· Tools for customer acquisition and retention
・ Sales and marketing research tools and data
・ Various marketing tools
・ Car connection service
・ Various other internal tools and backend tools

Information began to be shared on hacking forums and other media from around January 4, 2021, after which Nissan took the Git server offline on the 5th. When ZDNet, an IT news site, contacted a Nissan spokesperson, 'We are aware of allegations that Nissan's confidential information and source code have been released in an improper manner. We are aware of this. We take this seriously and are investigating it. '

In addition, Mr. Cotman discovered the source code leak of Mercedes-Benz in 2020 as well. At this time, the automobile manufacturer Daimler acknowledged the data leak, and Mr. Cotman, who finally owned the leaked information, also deleted the data from the server at Daimler's request.

Mercedes-Benz in-vehicle arithmetic unit (OLU) source code leaked --GIGAZINE

in Software,   Ride,   Security, Posted by logq_fa