The source code leak took place due to a misconfiguration error.
A misconfiguration in the infrastructure of repositories resulted in the leak of source code belonging to dozens of mainstream, high-profile organizations across diverse sectors, including tech, food, retail, finance, manufacturing, and e-commerce.
A reverse engineer and developer, Tillie Kottmann, collected the leaks, dubbed Exconfidential, from different sources while searching for misconfigured DevOps tools that provide access to source code, and stored them in a repository on GitLab.
The list of affected companies is quite long: according to Bank Security, the source code of around 50 organizations has become public. This includes bigwigs like:
Huawei-owned HiSilicon
Johnson Controls, to name a few.
List of affected companies and source code details shared by the researcher on their Twitter account:
Kottmann revealed that some of the folders are empty while others contain credentials, such as code from fintech firms like Fiserv, Mercury Trade Finance Solutions, and Buczy Payments; identity and access management developers like Pirean Access: One; and banks including Italy’s Banca Nazionale del Lavoro, among others.
Furthermore, hardcoded credentials are available in the easy-to-access code repositories. Kottmann also claims that they tried to remove the data to prevent a larger breach.
According to BleepingComputer, the developer had not notified the affected companies prior to releasing the details. However, Kottmann stated that if a company requests removal of its source code from the repository, it will be removed immediately.