Source code from notable tech companies like AMD, Microsoft, Qualcomm, and Nintendo was confirmed to have been leaked. Companies like Roblox, Johnson Controls, GE Appliances, and Disney are also on the list.
Reports revealed that the source code was collected by developer and engineer Tillie Kottmann. It appears that these companies were using unsecured, publicly reachable repositories to store their internal code; a misconfiguration of the code repository allowed the leak in the first place.
Many of the leaked source code repositories now carry the label “exconfidential.” The majority are also stored in a public repository on GitLab and are publicly accessible.
The most worrisome aspect of this leak is the fact that it affected several financial companies. Notable institutions like Banca Nazionale del Lavoro, Fiserv, and Mercury Trade Finance Solutions are among them.
To prevent malicious use of the source code, Kottmann said that they removed hardcoded credentials before posting it. This is to make sure that malicious users cannot use these credentials to mount a larger hack.
Kottmann said that once they find a flaw in a system, they don’t necessarily contact the affected company. Nevertheless, he adds that they try to clean the code of sensitive data to prevent further attacks.
Kottmann and his team also comply with requests from companies to remove their source code from the internet. In a previous leak, Daimler requested to have its code removed from the online repository. Kottmann obliged and promptly removed the Daimler code.
In the tech community, exposing source code to try to force a company to make security upgrades is common. Some companies are proactively doing this.
Companies are launching bug bounty programs that allow hackers to attack their systems deliberately. This way, bugs and glitches will be discovered before a particular product goes into production.
Kottmann said that they are still investigating multiple companies with perceived vulnerabilities. He adds that thousands of companies have exposed systems that are extremely vulnerable to hacking. On top of that, companies are also using misconfigured DevOps tools that expose their system.
Despite the apparent danger of leaked source code, some companies appear to simply turn a blind eye. Some developers are even keen to learn how Kottmann pulled off a code heist of that magnitude.