Data Security

Source code of over 50 high profile organizations leaked online

Source code leak took place due to a misconfiguration error.

A misconfiguration in repository infrastructure resulted in the leak of source code belonging to dozens of mainstream, high-profile organizations across diverse sectors, including tech, food, retail, finance, manufacturing, and e-commerce.

A reverse engineer and developer, Tillie Kottmann, collected the leaks, dubbed Exconfidential, from different sources while searching for misconfigured DevOps tools that provide access to source code, and stored them in a repository on GitLab.

The list of affected companies is quite long: according to Bank Security, the source code of around 50 organizations has become public. This includes bigwigs like:

GE Appliances
Huawei-owned HiSilicon
Johnson Controls, to name a few.

The researcher shared the list of affected companies and source code details on their Twitter account.

Kottmann revealed that some of the folders are empty, while some contain credentials. The leaked material includes code from fintech firms such as Fiserv, Mercury Trade Finance Solutions, and Buczy Payments; identity and access management developers like Pirean Access: One; and banks including Italy’s Banca Nazionale del Lavoro.

Furthermore, hardcoded credentials are available in the easy-to-access code repositories. Kottmann also claims that they tried to remove the data to prevent a larger breach.

According to BleepingComputer, the developer did not notify the affected companies prior to releasing the details. However, Kottmann stated that if a company requests removal of its source code from the repository, it will be removed immediately.
