Wed, 29 Jul 2020 10:08:58
A developer and engineer by the name of Tillie Kottmann has drawn the source code of high-end companies including Microsoft, Adobe, AMD, Disney, Motorola, Nintendo, Qualcomm, Mediatek, Roblox, GE Equipment and more and has published it on GitLab.
Kottmann collected data by searching for the wrongly configured DevOps tool and several other tools. After recovering the data, he marks it under “confidential” and “Confidential & Proprietary” and can be accessed by anyone.
As reported by Bank Security, not all repositories posted with data have content but some folders have hard-coded credentials. One of the main highlights of the failure is the leaked source code from Nintendo which has several classic games.
Nicknamed “GigaLeak”, data leaks have source code from classic games such as Super Mario Kart, The Legend of Zelda: A Link to Past, and Yoshi Island.
Speaking to Bleeping Computer, Kottmann said he had tried to erase the hard-coded credentials from the data posted to prevent giving hackers the chance to abuse them.
Read More: Microsoft Now Offers $100,000 To Find Bugs in Windows Insider Preview
Swiss developers release data without notifying companies involved in the leak. However, he is willing to accept removal requests from companies if they want to delete their data from the repository.
Interestingly, there are companies (at least one) that have asked Kottmann about how he managed to access the data instead of asking him to delete it.
Kottmann believes that there are more companies with open source code, and he connects this with the misconfigured DevOps and installation of SonarQube (open source code audit platform) without guarantee.
Keywords: microsoft source code, microsoft source code leak, adobe source code leaked, source code leak