8 January 2021

Nissan North America suffered a data leak


Nissan North America suffered a data leak

Famous car manufacturer Nissan North America suffered a data leak due to default credentials. The company left an exposed Git server protected with default access credentials admin:admin. As a result, multiple code repositories from Nissan NA became public.

The data collection is around 20 gigabytes large. It contains source code for mobile apps and various internal tools for diagnostics, client acquisition, market research, etc. According to the reverse engineer Tillie Kottmann, who is a maintainer of a repository of leaked source code from various sources, data collection contains Nissan NA Mobile apps, parts of the ASIST Diagnostic System software, Dealer Business Systems/Dealer Portal, Nissan internal core mobile library, Nissan/Infiniti NCAR/ICAR services, client acquisition and retention tools, sale/market research tools and data, marketing, backends and internal tools, vehicle logistics portal, and vehicle connected services/Nissan connect things.

On Tuesday, company has taken the unprotected server down before news about the leakage came to light. Two days later, company contacted Kottmann and asked for removing their leaked repositories. An engineer usually complies with takedown requests and took the repositories down.

Back to the list

Latest Posts

FBI warns of ongoing vishing attacks seeking to steal corporate credentials

FBI warns of ongoing vishing attacks seeking to steal corporate credentials

Cybercriminals use VoIP platforms to target company employees.
19 January 2021
IObit forum hacked in a DeroHE ransomware attack

IObit forum hacked in a DeroHE ransomware attack

It is unknown, how the hackers managed to compromise the forum, but it is possible that they gained access to an administrative account.
19 January 2021
OpenWrt Project discloses data breach

OpenWrt Project discloses data breach

The hackers gained access to an administrator account on the OpenWrt forum and stole a copy of the user list.
19 January 2021