Mercedes-Benz Source Code Leaked

A GitHub token exposure led to the compromise of Mercedes-Benz’s source code, exposing sensitive internal data such as intellectual property, passwords, and cloud access keys.

The breach was linked to a GitHub token belonging to a Mercedes-Benz employee, discovered in a public repository on September 29th. Researchers at RedHunt Labs confirmed that this token granted unrestricted access to the car manufacturer’s internal GitHub Enterprise Server.

The leak exposed sensitive information such as database connection strings, cloud access keys, blueprints, design documents, single sign-on (SSO) passwords, API keys, and other critical internal details, as outlined in the RedHunt Labs report.

The vulnerability stemming from the leaked token could have allowed malicious actors to extract valuable intellectual property, reports, files, credentials, and more from Mercedes’ source code, posing a significant security risk.

Despite the token being leaked in September, researchers discovered it on January 11th, prompting Mercedes to revoke the token on January 24th. This delay suggests that unauthorized access to Mercedes’ GitHub Enterprise Server may have occurred unnoticed for several months.

“The exposure of the GitHub token linked to Mercedes-Benz’s GitHub Enterprise Server could potentially allow adversaries to access and exfiltrate the organization’s entire source code. Such access poses the risk of revealing highly sensitive credentials, potentially leading to a severe data breach against Mercedes-Benz,” the researchers warned.

Disclaimer: The views expressed in this feature article are of the author. This is not meant to be an advisory to purchase or invest in products, services or solutions of a particular type or, those promoted and sold by a particular company, their legal subsidiary in India or their channel partners. No warranty or any other liability is either expressed or implied.
Reproduction or Copying in part or whole is not permitted unless approved by author.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

Sign Up for CXO Digital Pulse Newsletters

Sign Up for CXO Digital Pulse Newsletters to Download the Research Report

Sign Up for CXO Digital Pulse Newsletters to Download the Coffee Table Book

Sign Up for CXO Digital Pulse Newsletters to Download the Vision 2023 Research Report

Download 8 Key Insights for Manufacturing for 2023 Report

Sign Up for CISO Handbook 2023

Download India’s Cybersecurity Outlook 2023 Report

Unlock Exclusive Insights: Access the article