Nissan source code leaked online

In the beginning of January (Jan. 4), it was reported that source code of mobile apps and internal tools developed and used by Nissan North America was circulating the Internet. Apparently, the data have been shared on Telegram channels and different forums for hackers in the form of torrent links.

The reason of the online leakage was a misconfiguration of one of the automaker’s Bitbucket Git servers, as its default username/password was set to admin/admin. Accordingly, the Git repository contained the source code of: 
•    Nissan NA Mobile apps
•    some parts of the Nissan ASIST diagnostics tool
•    the Dealer Business Systems/Dealer Portal
•    Nissan internal core mobile library
•    Nissan/Infiniti NCAR/ICAR services
•    client acquisition and retention tools
•    sale/market research tools + data
•    various marketing tools
•    the vehicle logistics portal
•    vehicle connected services/Nissan connect things
•    and various other backends and internal tools

A Nissan spokesman has confirmed the incident and, in a response for a comment, said:
“Nissan conducted an immediate investigation regarding improper access to proprietary company source code. We take this matter seriously and are confident that no personal data from consumers, dealers or employees was accessible with this security incident. The affected system has been secured, and we are confident that there is no information in the exposed source code that would put consumers or their vehicles at risk.”

The Git server has been taken offline by Nissan, according to ZDNet.

Written by Joakim Rosell