Source code from 50 of the top tech companies leaks online


The internal source code of more than 50 high-profile companies has been leaked to an online repository, allowing people to access it.

Source code from notable tech companies like AMD, Microsoft, Qualcomm, and Nintendo was confirmed to have been leaked. Companies like Roblox, Johnson Controls, GE Appliances, and Disney are also on the list.

Reports revealed that the source code was collected by developer and engineer Tillie Kottmann. It appears that these companies are using an unsecured public repository to store their internal code. A misconfiguration of their code repository allowed the leak in the first place.

Operation Confidential and Proprietary

Many of the leaked source codes now carry the label “exconfidential.” The majority of them are also stored in a public repository on GitLab and are publicly accessible.

The most worrisome aspect of this leak is the fact that it affected several financial companies. Notable institutions like Banca Nazionale del Lavoro, Fiserv, and Mercury Trade Finance Solutions are among them.

To prevent malicious use of the source code, Kottmann said that they removed hardcoded credentials before posting it. This is to make sure that malicious users cannot use these credentials to mount a larger hack.

Kottmann said that once they find a flaw in a system, they don’t necessarily contact the affected company. Nevertheless, he adds that they try to clean the code of sensitive data to prevent further attacks.

Kottmann and his team also comply with requests from companies to remove their source code online. In a previous leak, Daimler requested to have their code removed from the online repository. Kottmann obliged with the request and promptly removed the Daimler code.

Developing security

In the tech community, exposing source code to try to force a company to make security upgrades is common. Some companies are proactively doing this.

Companies are launching bug bounty programs that allow hackers to attack their systems deliberately. This way, bugs and glitches will be discovered before a particular product goes into production.

Kottmann said that they are still investigating multiple companies with perceived vulnerabilities. He adds that thousands of companies have exposed systems that are extremely vulnerable to hacking. On top of that, companies are also using misconfigured DevOps tools that expose their systems.

Despite the apparent danger of leaked source code, some companies appear to just turn a blind eye. Some developers are even keen to learn how Kottmann pulled off a code heist of that magnitude.

Featured image courtesy of oatawa/Shutterstock

Published by
Yen Palec
