https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration/

Nissan source code leaked online after Git repo misconfiguration

Nissan was allegedly running a Bitbucket Git server with the default credentials of admin/admin.

By Catalin Cimpanu for Zero Day | January 6, 2021 -- 15:40 GMT (07:40 PST) | Topic: Security

The source code of mobile apps and internal tools developed and used by Nissan North America has leaked online after the company misconfigured one of its Git servers.

The leak originated from a Git server that was left exposed on the internet with its default username and password combo of admin/admin, Tillie Kottmann, a Swiss-based software engineer, told ZDNet in an interview this week.

Kottmann, who learned of the leak from an anonymous source and analyzed the Nissan data on Monday, said the Git repository contained the source code of:

* Nissan NA Mobile apps
* some parts of the Nissan ASIST diagnostics tool
* the Dealer Business Systems / Dealer Portal
* Nissan internal core mobile library
* Nissan/Infiniti NCAR/ICAR services
* client acquisition and retention tools
* sale / market research tools + data
* various marketing tools
* the vehicle logistics portal
* vehicle connected services / Nissan connect things
* and various other backends and internal tools

"SMAT/webscrape is a tool by the data science/market research team, which scrapes all current offers on cars by zip code from https://t.co/5h9U6RLYge. yes that's a Nissan website. great culture if you have to scrape the website another department made to get data you need. (6/n) pic.twitter.com/tIshObv8vl"
-- tillie, doer of crime (@antiproprietary) January 4, 2021

Nissan is investigating the leak

The Git server, a Bitbucket instance, was taken offline yesterday after the data started circulating on Monday in the form of torrent links shared on Telegram channels and hacking forums.

Reached for comment, a Nissan spokesperson confirmed the incident.

"We are aware of a claim regarding a reported improper disclosure of Nissan's confidential information and source code. We take this type of matter seriously and are conducting an investigation," the Nissan rep told ZDNet in an email.

The Swiss researchers received a tip about Nissan's Git server after they found a similarly misconfigured GitLab server in May 2020 that leaked the source code of various Mercedes-Benz apps and tools. Mercedes eventually admitted to the leak, and Kottmann, who was hosting the leaked data, also removed it from their server at the company's request.