Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Nissan NA Source Code Leaked Due To Default admin:admin Credentials

Nissan NA Source Code Leaked Due To Default admin:admin Credentials

Multiple code repositories from Nissan North America became public this week after the company left an exposed Git server protected with default access credentials.

The entire collection is around 20 gigabytes large and contains source code for mobile apps and various tools used by Nissan internally for diagnostics, client acquisition, market research, or NissanConnect services.

It is unclear if Nissan learned about the leak by itself or received a tip, but the company took down the insecure server on Tuesday before media outlets started publishing news of the incident.

Complete git repos dump

Swiss developer and reverse engineer Tillie Kottmann, who maintains a repository of leaked source code from various sources and their scouting of misconfigured devops tools, posted a summary of the Nissan leak:

  • Nissan NA Mobile apps
  • Parts of the ASIST Diagnostic System software
  • Dealer Business Systems/Dealer Portal
  • Nissan internal core mobile library
  • Nissan/Infiniti NCAR/ICAR services
  • Client acquisition and retention tools
  • Sale/market research tools and data
  • Various marketing tools
  • Vehicle logistics portal
  • Vehicle connected services/Nissan connect things
  • Various other backends and internal tools

Also Read: Trusted Data Sharing Framework IMDA Announced In Singapore

Kottmann told BleepingComputer that someone had informed them of the server and the admin/admin access credentials. Once the word got out, a torrent link for Nissan source code collection started being shared online; so despite Nissan’s effort, the data remains in the hands of unauthorized third-parties.

Repository pulled

In a conversation with Kottmann, they said that the company contacted them about hosting the repositories and that they would likely remove them. It happened on Thursday.

The developer told us on a different occasion that they comply with takedown requests and are even willing to provide tips for improving the security of a company’s infrastructure if asked.

Their public repository on GitLab contains folders with data from big companies like Pepsi, Toyota, SunTech, AMD, Motorola, Mediatek, Sierra Nevada Corporation, or the U.S. Air Force Research Laboratory.

Although not all folders have sensitive data they may contain information meant to be private or that could lead to protected assets.

Also Read: Data Protection Authority GDPR: Everything You Need To Know

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us