The Git server was exposed to Internet with the default username and password access admin / admin, according to a software engineer, who learned about the leak from an anonymous source. The engineer analyzed the Nissan data on Monday and stated that the Git repository contained the source code of:
- Nissan NA Mobile apps
- Parts of the Nissan ASIST tool
- Dealer Business Systems / Dealer Portal
- Nissan internal core mobile library
- Nissan / Infiniti NCAR / ICAR services
- client acquisition and retention tools
- Market-related tools and data
- Various marketing tools
- Vehicle logistics portal
- and various other backends and interior tools
Nissan is investigating the source code leak
The exposed Git server, a Bitbucket instance, went offline the day before yesterday after data began circulating on Monday with the form of torrent links that were shared on Telegram channels and hacking forums.
ZDNet contacted Nissan and its spokesperson confirmed it leakage of source code.
"We have learned about a disclosure of Nissan confidential information and source code. We are taking this issue seriously and conducting research", Said the representative of Nissan to ZDNet via e-mail.
Researchers security, based in Switzerland, had found a similar GitLab server with incorrect configuration in May 2020. The exposed server had leaked the source code of various applications and tools Mercedes Benz. Mercedes eventually admitted the leak, and the exposed elements were removed at its request company.