Nissan source code leaked due to admin: admin credentials

Nissan source code leaked

The source code for mobile apps and internal tools for Nissan’s North American division has leaked. The leak was due to the fact that the specialists of the automaker incorrectly configured one of their Git servers.

The first incident was highlighted by the Swiss developer and researcher Tillie Kottmann. He wrote on Twitter (the account is now locked) that the Nissan server was not configured correctly, and the default combination was used for the login and password, that is, admin: admin.

Kottmann himself learned about the leak from an anonymous source and analysed the data belonging to Nissan. According to him, the company’s Git repository contained the source codes of:

  • Nissan North America mobile applications;
  • some details of the Nissan ASIST diagnostic tool;
  • Dealer Business Systems/Dealer Portal;
  • Nissan’s main internal mobile library;
  • Nissan/Infiniti NCAR/ICAR services;
  • tools for attracting and retaining customers;
  • tools for sales and market research + data;
  • various marketing tools;
  • portal of transport logistics;
  • services of connection to cars;
  • various other backends and internal tools.

As a result, the problematic server was turned off last week, after torrent links to company data began to circulate on the network, and the leak was spotted on Telegram channels and on hacker forums.

The publication ZDNet writes that Nissan representatives have already confirmed the fact of the leak, but at the same time stressed that the personal information of customers, dealers or employees was not affected.

Nissan conducted an immediate investigation regarding improper access to proprietary company source code. We take this matter seriously and are confident that no personal data from consumers, dealers or employees was accessible with this security incident. The affected system has been secured, and we are confident that there is no information in the exposed source code that would put consumers or their vehicles at risk.Nissan's representatives assured.

Swiss researchers figured out the problem on the Nissan Git server after they discovered a similarly misconfigured GitLab server in May 2020, which leaked the source code of various Mercedes Benz applications and tools.

By the way, we also talked about the fact that Microsoft left open one of the internal servers of the search engine Bing.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *