Nissan's confidential source code leaked to the Internet
It has emerged that the source code of in-house tools developed and used by Nissan North America, Nissan's North American corporation, was leaked to the Internet.
Nissan source code leaked online after Git repo misconfiguration | ZDNet
Swiss-based software engineer Tiri Cotman was the first to report the source code leak. Mr. Cotman learned from an anonymous source that the Nissan source code was stored on a Git server left in its default state, with the user name 'admin' and the password 'admin'.
Tillie, doer of crime (@antiproprietary), January 4, 2021:
RELEASE: Nissan North America Source Code Dump
A COMPLETE dump of all git repositories from Nissan NA, most notably including sources for:
--the Nissan NA Mobile apps
--some parts of the ASIST diagnostics tool
--the Dealer Business Systems / Dealer Portal
(1 / n) pic.twitter.com/ltDvg9blTB
When Mr. Cotman actually accessed the server, the Git repositories contained the following source code:
・ Nissan North America mobile apps
・ Part of the Nissan ASIST diagnostics tool
・ Dealer business systems / dealer portal
・ Nissan's internal core mobile library
・ Nissan / Infiniti NCAR / ICAR services
・ Tools for customer acquisition and retention
・ Sales and marketing research tools and data
・ Various marketing tools
・ Car connection service
・ Various other internal tools and backend tools
The leaked information began to be shared on hacking forums and other media from around January 4, 2021, and Nissan took the Git server offline on the 5th. When ZDNet, an IT news site, contacted Nissan, a spokesperson said: 'We are aware of allegations that Nissan's confidential information and source code have been released in an improper manner. We are aware of this. We take this seriously and are investigating it.'
Mr. Cotman also discovered a Mercedes-Benz source code leak in 2020. On that occasion, the automobile manufacturer Daimler acknowledged the data leak, and Mr. Cotman, who had ended up holding the leaked information, deleted the data from the server at Daimler's request.
Mercedes-Benz in-vehicle arithmetic unit (OLU) source code leaked --GIGAZINE