Source code belonging to tens of companies, including several major organizations, has been leaked online after it was found on unprotected DevOps infrastructure.
Swiss-based IT consultant Till Kottmann has posted a list of roughly 50 companies that at some point exposed source code. For some of the impacted organizations the code has been removed from the repository, but in many cases it’s still available.
Kottmann told SecurityWeek that the source code they’ve made public, much of which appears to be proprietary, mostly comes from improperly configured or exposed DevOps infrastructure. The researcher says the information mainly originates from SonarQube instances, but also from GitLab and Jenkins.
“Some of the things are also sent to me by various sources,” Kottmann explained. “I usually do not know how they obtained the code.”
The list of impacted companies appears to include Microsoft, Adobe, Johnson Controls, GE, AMD, Lenovo, Motorola, Qualcomm, Mediatek, Disney, Daimler, Roblox, Nintendo and various organizations in the software, hardware, healthcare, finance, automotive, travel and industrial sectors.
Microsoft did not want to comment on the source code leak. Adobe told SecurityWeek that it’s aware of the website hosting the source code and it’s working on having the content removed. The Adobe source code is still online at the time of publishing.
“We have no evidence to suggest that any Adobe systems or customers have been compromised due to this issue,” the company stated.
Kottmann said they try not to release anything that could put individuals in danger and they attempt to censor any credentials they find before making the code public. They also noted that impacted vendors have not been notified, unless important informatio ..
Support the originator by clicking the read the rest link below.
