The source code of mobile apps and internal tools developed and used by Nissan North America has leaked online after the company misconfigured one of its Git servers.
“We are aware of a claim regarding a reported improper disclosure of Nissan’s confidential information and source code,” said a Nissan spokesperson. “We take this type of matter seriously and are conducting an investigation.”
Tillie Kottmann, a software engineer, publicized the apparently leaked information earlier this week on Twitter and Telegram. They told CyberScoop the information came via a “severely mismanaged” server that had the username and password of “admin:admin.”
“I was informed about the server by an anonymous source but acquired it myself and can thus mostly verify it,” Kottmann said via a Twitter direct message exchange. Kottmann said they also heard some ex-Nissan employees recognized projects there.
RELEASE: Nissan North America Source Code Dump
A COMPLETE dump of all git repositories from Nissan NA, most notably including sources for:
– the Nissan NA Mobile apps
– some parts of the ASIST diagnostics tool
– the Dealer Business Systems / Dealer Portal
(1/n) pic.twitter.com/ltDvg9blTB— tillie, doer of crime 💛🤍💜🖤 (@antiproprietary) January 4, 2021
Kottmann, who learned of the leak from an anonymous source and analyzed the Nissan data on Monday, said the Git repository contained the source code of:
- Nissan NA Mobile apps
- some parts of the Nissan ASIST diagnostics tool
- the Dealer Business Systems / Dealer Portal
- Nissan internal core mobile library
- Nissan/Infiniti NCAR/ICAR services
- client acquisition and retention tools
- sale / market research tools + data
- various marketing tools
- the vehicle logistics portal
- vehicle connected services / Nissan connect things
- and various other backends and internal tools