A GitHub token leaked by a Mercedes-Benz employee provided access to all the source code stored on the carmaker’s GitHub Enterprise server, attack surface firm RedHunt Labs reports.
The token, discovered during an internet scan, was exposed in the employee’s GitHub repository, allowing unrestricted and unmonitored access to the source code. According to RedHunt, the breach occurred on September 29, 2023, but wasn’t found until January 11, 2024. Mercedes withdrew the leaked token on January 24, two days after being notified of the incident.
“Mercedes-Benz confirmed the leak, acknowledging the severity of the situation, and took immediate action by revoking the relevant API token,” according to RedHunt.