Mercedes-Benz accidentally exposed a trove of internal data after leaving a private key online that gave “unrestricted access” to the company’s source code, according to the security research firm that discovered it.
The London-based cybersecurity company said it discovered a Mercedes employee’s authentication token in a public GitHub repository during a routine internet scan in January.
According to Mittal, this token — an alternative to using a password for authenticating to GitHub — could grant anyone full access to Mercedes’s GitHub Enterprise Server, thus allowing the download of the company’s private source code repositories.
“The GitHub token gave ‘unrestricted’ and ‘unmonitored’ access to the entire source code hosted at the internal GitHub Enterprise Server,” Mittal explained in a report shared by TechCrunch.
It’s not known if anyone else besides Mittal discovered the exposed key, which was published in late September 2023.