Security News > 2021 > January > Nissan NA source code leaked due to default admin:admin credentials
Multiple code repositories from Nissan North America became public this week after the company left an exposed Git server protected with default access credentials.
The entire collection is around 20 gigabytes large and contains source code for mobile apps and various tools used by Nissan internally for diagnostics, client acquisition, market research, or NissanConnect services.
It is unclear if Nissan learned about the leak by itself or received a tip, but the company took down the insecure server on Tuesday before media outlets started publishing news of the incident.
Once the word got out, a torrent link for Nissan source code collection started being shared online; so despite Nissan's effort, the data remains in the hands of unauthorized third-parties.
In a conversation with Kottmann, they said that the company contacted them about hosting the repositories and that they would likely remove them.
Their public repository on GitLab contains folders with data from big companies like Pepsi, Toyota, SunTech, AMD, Motorola, Mediatek, Sierra Nevada Corporation, or the U.S. Air Force Research Laboratory.