Nissan Source Code Leaked Online After Servers Infiltrated Using Default “Admin” Password
As if Nissan didn’t have enough issues with its plunging sales, the company’s source code for its North American mobile apps and internal tools has now leaked online.
The leak came as a result of the company misconfiguring one of its own Git servers – which Nissan inadvertently left exposed online with its default username and password, according to ZDnet.
The server was left with a default username and password combo of admin/admin, ZDnet reported. Was Solarwinds123 already taken as a password?
Tillie Kottmann, a Swiss-based software engineer, learned about the leak from an anonymous source and analyzed the data on Monday. Kottmann told ZDnet that the leak included source codes for:
Nissan NA Mobile apps
some parts of the Nissan ASIST diagnostics tool
the Dealer Business Systems / Dealer Portal
Nissan internal core mobile library
Nissan/Infiniti NCAR/ICAR services
client acquisition and retention tools
sale / market research tools + data
various marketing tools
the vehicle logistics portal
vehicle connected services / Nissan connect things
and various other backends and internal tools
A rep for Nissan said: “We are aware of a claim regarding a reported improper disclosure of Nissan’s confidential information and source code. We take this type of matter seriously and are conducting an investigation.”
RELEASE: Nissan North America Source Code Dump
A COMPLETE dump of all git repositories from Nissan NA, most notably including sources for:
– the Nissan NA Mobile apps
– some parts of the ASIST diagnostics tool
– the Dealer Business Systems / Dealer Portal
— tillie, doer of crime 💛🤍💜🖤 (@antiproprietary) January 4, 2021
Fri, 01/08/2021 – 22:45