As if Nissan didn’t have enough issues with its plunging sales, the company’s source code for its North American mobile apps and internal tools has now leaked online.
The leak came as a result of the company misconfiguring one of its own Git servers – which Nissan inadvertently left exposed online with its default username and password, according to ZDnet.
The server was left with a default username and password combo of admin/admin, ZDnet reported. Was Solarwinds123 already taken as a password?
Tillie Kottmann, a Swiss-based software engineer, learned about the leak from an anonymous source and analyzed the data on Monday. Kottmann told ZDnet that the leak included source codes for:
-
Nissan NA Mobile apps
-
some parts of the Nissan ASIST diagnostics tool
-
the Dealer Business Systems / Dealer Portal
-
Nissan internal core mobile library
-
Nissan/Infiniti NCAR/ICAR services
-
client acquisition and retention tools
-
sale / market research tools + data
-
various marketing tools
-
the vehicle logistics portal
-
vehicle connected services / Nissan connect things
-
and various other backends and internal tools
A rep for Nissan said: “We are aware of a claim regarding a reported improper disclosure of Nissan’s confidential information and source code. We take this type of matter seriously and are conducting an investigation.”
RELEASE: Nissan North America Source Code Dump
A COMPLETE dump of all git repositories from Nissan NA, most notably including sources for:
– the Nissan NA Mobile apps
– some parts of the ASIST diagnostics tool
– the Dealer Business Systems / Dealer Portal
(1/n) pic.twitter.com/ltDvg9blTB— tillie, doer of crime 💛🤍💜🖤 (@antiproprietary) January 4, 2021
