Misconfigured security controls put systems and data at high risk of data and identity theft. Recently, large enterprises have suffered data leaks as a result of misconfigurations in their infrastructure, and a hacker collated the leaked material in one place.
Last month, a developer and a reverse engineer acquired source code from exposed repositories of more than 50 companies.
- The leaks were credited to various sources and to hunting for misconfigured DevOps tools that offer access to source code.
- The leaks are available in a public repository on GitLab, titled “exconfidential” or “Confidential & Proprietary”.
- The impacted companies belong to the following domains: tech, finance, retail, food, eCommerce, and manufacturing.
- The leak list includes big names such as Adobe, Lenovo, Intel, AMD, Qualcomm, Microsoft, Motorola, Mediatek, GE Appliances, Hisilicon (owned by Huawei), Nintendo, Roblox, Disney, and Johnson Controls, among others.
- According to another set of researchers, the findings also included hardcoded credentials in the easily accessible code repositories, which can cause direct harm or contribute to a larger breach.
Further Hunting of Source Code
Various researchers suspect that there are more companies with misconfigured DevOps tools exposing source code.
- Source code and development repos of multiple classic games were found in July through the Nintendo leak – Gigaleak.
- Other notable source code leak incidents include Mercedes-Benz onboard logic unit (OLU) in May 2020, Microsoft’s Xbox and Windows NT 3.5 in May 2020, and Valve’s Counter-Strike: Global Offensive in April 2020.
Several famous source code leaks have been revealed in the past, including the leak of the iPhone’s core software, known as the iBoot code leak, in February of 2018 and the Microsoft Windows 10 source code leak in the same month.
Internal details of the world’s most popular software were made public by these leaks, risking the security of millions of loyal users. This shows that tech giants need to implement proactive security measures to protect their intellectual property and security infrastructure.