Home Computing Mercedes Benz’s source code leaked online

Mercedes Benz’s source code leaked online

A company spokesperson said that a human error caused the leak, leaving the token in an exposed repository in September 2023. UK-based RedHunt Labs discovered it during a standard scan last month.

Security researchers often scan the web to find unprotected servers or leaked secrets of major industry giants.

The token provided “unrestricted and unmonitored” access to blueprints, design documents and other crucial internal information belonging to the German car company.

Shubham Mittal, RedHunt’s co-founder, said the server hosted cloud access keys, API keys and additional passwords, which criminals could have used disrupt the company’s IT infrastructure. 

The private key would have given cybercriminals total access to the manufacturer’s own GitHub Enterprise Server. 

Mittal said the unsafe repositories also exposed keys for Microsoft Azure and Amazon Web Services servers; a Postgres database; and the source code for Mercedes Benz software. However, all customer data is secure.

The security company confirmed the incident to TechCrunch, after which it also reported the issue to Mercedes-Benz. The company almost immediately revoked the unrestricted API token and scrapped the public repository. 

While RedHunt was the first to share its findings about the repository, we don’t know if it was the only party to locate the leaked key.

Following an internal investigation, Mercedes Benz has put extra “remedial measures” in place, but hasn’t found any trace of cybercriminals abusing its IT secrets.



Denial of responsibility! TechCodex is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
DMCA compliant image

Leave a Comment