Source code from exposed repositories of dozens of companies across various fields of activity (tech, finance, retail, food, eCommerce, manufacturing) is publicly available as a result of misconfigurations in their infrastructure.
A public repository of leaked code includes big names like Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, HiSilicon (owned by Huawei), MediaTek, GE Appliances, Nintendo, Roblox, Disney, and Johnson Controls, and the list keeps growing.
The leaks have been collected by Tillie Kottmann, a developer and reverse engineer, from various sources and from their own hunting for misconfigured DevOps tools that offer access to source code.
A large number of these leaks, which go by the name “exconfidential” or the more tongue-in-cheek label “Confidential & Proprietary,” are available in a public repository on GitLab.
According to Bank Security, a researcher focused on banking threats and fraud, code from more than 50 companies is published in the repository. Not all folders are populated, but the researcher says that credentials are present in some cases.
Kottmann’s server shows code from fintech companies (Fiserv, Buczy Payments, Mercury Trade Finance Solutions), banks (Banca Nazionale del Lavoro), developers of identity and access management (Pirean Access: One) and games.
Kottmann told BleepingComputer that they find hardcoded credentials in the easily-accessible code repositories, which they try to remove as best as they can, to prevent direct harm and avoid contributing in any way to a larger breach.
Full article on https://www.bleepingcomputer.com/news/security/source-code-from-dozens-of-companies-leaked-online/