Nissan was allegedly running a Bitbucket Git server with the default credentials of admin/admin.
The source code of mobile apps and internal tools developed and used by Nissan North America has leaked online after the company misconfigured one of its Git servers.
According to the interview conducted with Tillie Kottman, a Swiss-based software engineer by ZDNet. He said the Git repository contained the source code of:
- Nissan NA Mobile apps
- some parts of the Nissan ASIST diagnostics tool
- the Dealer Business Systems / Dealer Portal
- Nissan internal core mobile library
- Nissan/Infiniti NCAR/ICAR services
- client acquisition and retention tools
- sale / market research tools + data
- various marketing tools
- the vehicle logistics portal
- vehicle connected services / Nissan connect things
- and various other backends and internal tools
Nissan is Investigating the leak as a spokesperson confirmed the incident and affirm that Nissan’s take this type of matter seriously are are conducting an investigating already.
The Git server, a Bitbucket instance, was taken offline after the data started circulating on in the form of torrent links shared on Telegram channels and hacking forums.