Source code from major tech companies and firms in other sectors leaked online, report says


Many companies upload the source code of their software and applications to repositories such as GitHub and GitLab for easy accessibility. These repositories are usually kept private, but are sometimes made public for testing or other purposes.

In a recent leak, the source code of a large number of companies across various sectors has been found to be publicly available on exposed repositories as a result of misconfigurations in their infrastructure.

A public repository of leaked source code includes major global firms like Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, GE Appliances, Nintendo, Roblox, Disney, Johnson Controls and many others.

The leaked source code has been collected by Tillie Kottmann, a developer and reverse engineer, from various sources and from their own searches for misconfigured DevOps tools that offer access to these exposed repositories.

Most of these leaks, found labelled “exconfidential” or “Confidential and Proprietary”, are now available in a public repository on GitLab. According to Bank Security, a researcher focused on banking threats and fraud, more than 50 companies are listed in the repository; credentials are present in some folders, but not all of the folders are populated.

Kottmann told Bleeping Computer that they found hardcoded credentials in the easily accessible code repositories, which are usually kept secret to avoid contributing in any way to a breach.
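As an added example (not from the report, from Kottmann, or from any of the named companies' code), a small pre-commit style scanner for the kind of hardcoded credentials described above; its rules, entropy threshold and sample source lines are constructed assumptions:

```python
import math
import re

# Rules for credential material commonly committed by mistake. The rule set and the
# entropy threshold are assumptions of this example, not an exhaustive scanner.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "assigned_secret": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]([^'\"]{6,})['\"]"
    ),
}
# Long quoted literals built from token-like characters; flagged when they look random.
STRING_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]")
ENTROPY_THRESHOLD = 4.0  # bits per character

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def scan_source(text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, rule, matched_value) for each suspected hardcoded credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                # Report the captured value when the rule has a group, else the whole match.
                findings.append((lineno, rule, m.group(m.lastindex or 0)))
        # The entropy rule catches opaque keys whose format no fixed pattern describes.
        for m in STRING_LITERAL.finditer(line):
            if shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                findings.append((lineno, "high_entropy_literal", m.group(1)))
    return findings

# Constructed sample source; not code from any repository named in the report.
SAMPLE_SOURCE = "\n".join([
    "# constructed sample config module",
    'DB_HOST = "db.internal.example"',
    'DB_PASSWORD = "hunter2hunter2"',
    'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"',
    'ANALYTICS_ID = "q7Zp3xLm9vR2tYw8KbN4sD6fG1hJ0aCe"',
    'KEY_PEM = "-----BEGIN RSA PRIVATE KEY-----"',
    'GREETING = "hello world, this is a long harmless string"',
])

if __name__ == "__main__":
    for lineno, rule, value in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {rule}: {value}")
```

Run against a working tree before pushing, the scanner reports four of the seven sample lines and leaves the hostname and the plain-English string alone; the entropy rule is what catches the opaque vendor key that no fixed pattern names.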

“I try to do my best to prevent any major things resulting directly from my releases,” Kottmann told BleepingComputer. The developer also admitted that they do not always contact the affected companies before releasing the code, but said they make an effort to minimize the negative impact of publishing it.

Following the DMCA notices received, Kottmann has now emptied many folders in the repository, including those from Daimler AG and Lenovo.

Kottmann believes there are a huge number of companies that expose proprietary code by failing to properly secure SonarQube installations.

Source: Bleeping Computer
