Weak username and password has lead to leakage of Nissan's source code

Nissan has recently faced a source code breach as a result of using very poor login credentials.

The data breach includes 20 GB of source code from various services provided by Nissan including NissanConnect. A security researcher has revealed that Nissan North America’s mobile app, market research tools, diagnostics tools, and data assets’ source code were leaked online.

Nissan’s source code was leaked because of a misconfigured Git server of the company. The company secures the server with the default access credentials (username and password) of admin/admin.

The list of services that were included in the breach are mentioned below:

  • Nissan NA Mobile apps
  • Parts of the ASIST Diagnostic System software
  • Dealer Business Systems/Dealer Portal
  • Nissan internal core mobile library
  • Nissan/Infiniti NCAR/ICAR services
  • Client acquisition and retention tools
  • Sale/market research tools and data
  • Various marketing tools
  • Vehicle logistics portal
  • Vehicle connected services/Nissan connect things
  • Various other backends and internal tools

The compromised Git server has been taken down by the hackers and Nissan has started an investigation for it. The company officials have accepted the breach and have started the investigation to ensure that the damage is kept to a bare minimum.

Install NPAV on your devices and keep them protected from all kinds of cyberattacks. Use NPAV and join us on a mission to secure the cyber world.