Source code from range of high profile companies leaked
The operator of a public repository on GitLab is leaking source code owned by dozens of high-profile organizations, as reported by BleepingComputer.
The repository was compiled by developer and reverse engineer Tillie Kottmann, who claims the source code was accessible as a result of misconfigurations in the companies' infrastructure.
The repository holds leaked code from the likes of Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, HiSilicon, MediaTek, GE Appliances, Nintendo and more.
At the time of writing there are 50 folders in the repository (some of which are empty), but Kottmann is continually adding new names to the record.
The worst part about the misconfigurations uncovered by Kottmann is that, in some cases, login credentials are hardcoded in the source (though these credentials have been removed from the code hosted on GitLab).
“I try to do my best to prevent any major things resulting directly from my releases,” explained the researcher.
Further, if a company demands their source code be removed from the repository, Kottmann immediately complies.
Although source code from dozens of firms has been leaked, Kottmann believes thousands of companies may have exposed proprietary code, primarily due to a failure to secure SonarQube installations.