Source code from exposed repositories of dozens of companies across various fields of activity (tech, finance, retail, food, ecommerce, and manufacturing) is publicly available as a result of misconfigurations in their infrastructure.
A public repository of leaked code includes big names like Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, GE Appliances, Nintendo, Roblox, Disney, and Johnson Controls, and the list keeps growing.
The leaks have been collected by Tillie Kottmann, a developer and reverse engineer, from various sources and from their own hunting for misconfigured DevOps tools that offer access to source code.
A large number of these leaks, which go by the name “exconfidential” or the more tongue-in-cheek label “Confidential & Proprietary,” are available in a public repository on GitLab.
Kottmann’s server shows code from fintech companies (Fiserv, Buczy Payments, Mercury Trade Finance Solutions), banks (Banca Nazionale del Lavoro), developers of identity and access management (Pirean Access: One) and games.
Kottmann told Bleeping Computer that they find hardcoded credentials in the easily accessible code repositories, which they try to remove as best as they can, to prevent direct harm and avoid contributing in any way to a larger breach.
“I try to do my best to prevent any major things resulting directly from my releases,” Kottmann told Bleeping Computer.
The developer admitted that they don’t always contact the affected companies before releasing the code, yet they make an effort to minimize the negative impact resulting from publishing.
Other people are involved in this project, contributing directly or indirectly with leaks or helping Kottmann better understand the nature of their finding when this is not clear to them.