Nissan Source Code Leaked Online After Servers Infiltrated Using Default "Admin" Password

As if Nissan didn’t have enough issues with its plunging sales, the company’s source code for its North American mobile apps and internal tools has now leaked online.

The leak came as a result of the company misconfiguring one of its own Git servers – which Nissan inadvertently left exposed online with its default username and password, according to ZDnet

The server was left with a default username and password combo of admin/admin, ZDnet reported. Was Solarwinds123 already taken as a password?

Tillie Kottmann, a Swiss-based software engineer, learned about the leak from an anonymous source and analyzed the data on Monday. Kottmann told ZDnet that the leak included source codes for:

  • Nissan NA Mobile apps

  • some parts of the Nissan ASIST diagnostics tool

  • the Dealer Business Systems / Dealer Portal

  • Nissan internal core mobile library

  • Nissan/Infiniti NCAR/ICAR services

  • client acquisition and retention tools

  • sale / market research tools + data

  • various marketing tools

  • the vehicle logistics portal

  • vehicle connected services / Nissan connect things

  • and various other backends and internal tools

Photo: ZDnet

A rep for Nissan said: “We are aware of a claim regarding a reported improper disclosure of Nissan’s confidential information and source code. We take this type of matter seriously and are conducting an investigation.”