- Joined
- May 15, 2016
- Messages
- 14,031
- Likes
- 2,643
- Points
- 1,730
The GitLab repository contains the source code of dozens of companies, including Microsoft, Adobe and Lenovo.
The source codes of dozens of companies (technology, financial, trade, food, manufacturing and eCommerce) are available to everyone due to the incorrect configuration of their IT infrastructure. Among others, the list of companies includes such major brands as Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, GE Appliances, Nintendo, Roblox, Disney, Johnson Controls, and others.
Source codes were put together from many sources Swiss razrabotchitsy Tilly Kottmann (Tillie Kottmann). Most of them are available in its public repository on the GitLab platform. As reportedsecurity researcher Bank Security, the repository contains 50 company names. While not all folders are full, some even have credentials.
On the Kottman server, you can find codes for financial technology companies (Fiserv, Buczy Payments, Mercury Trade Finance Solutions), banks (Banca Nazionale del Lavoro), as well as game developers and solutions for identification and access control (Pirean Access: One).
As Kottman explained to BleepingComputer, she found immutable credentials in the easily accessible repositories, which she even tried to remove to avoid possible abuse. She says she does not always report leaks to the affected companies, but she tries to minimize the potential damage from publishing.
Kottman removes codes at the request of interested companies and even provides information that can help them strengthen their cyber defense. This is confirmed by empty folders. For example, the repository no longer contains the source code for the car manufacturer Mercedes-Benz, Daimler AG. The Lenovo folder is also empty at the moment.
However, not all companies are concerned about the leak. In one case, company representatives were only interested in how Kottman got the source code. They did not ask to remove it from the repository and even wished the developer "have fun".
__________________
The source codes of dozens of companies (technology, financial, trade, food, manufacturing and eCommerce) are available to everyone due to the incorrect configuration of their IT infrastructure. Among others, the list of companies includes such major brands as Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, GE Appliances, Nintendo, Roblox, Disney, Johnson Controls, and others.
Source codes were put together from many sources Swiss razrabotchitsy Tilly Kottmann (Tillie Kottmann). Most of them are available in its public repository on the GitLab platform. As reportedsecurity researcher Bank Security, the repository contains 50 company names. While not all folders are full, some even have credentials.
On the Kottman server, you can find codes for financial technology companies (Fiserv, Buczy Payments, Mercury Trade Finance Solutions), banks (Banca Nazionale del Lavoro), as well as game developers and solutions for identification and access control (Pirean Access: One).
As Kottman explained to BleepingComputer, she found immutable credentials in the easily accessible repositories, which she even tried to remove to avoid possible abuse. She says she does not always report leaks to the affected companies, but she tries to minimize the potential damage from publishing.
Kottman removes codes at the request of interested companies and even provides information that can help them strengthen their cyber defense. This is confirmed by empty folders. For example, the repository no longer contains the source code for the car manufacturer Mercedes-Benz, Daimler AG. The Lenovo folder is also empty at the moment.
However, not all companies are concerned about the leak. In one case, company representatives were only interested in how Kottman got the source code. They did not ask to remove it from the repository and even wished the developer "have fun".
__________________