
Samsung leak exposed source code, passwords and employee data

An independent researcher discovered dozens of files set to public.


Samsung was reportedly leaking sensitive source code, credentials and secret keys for several internal projects. According to TechCrunch, independent security researcher Mossab Hussein discovered dozens of exposed files in a GitLab instance used by Samsung engineers and hosted on a company-owned domain. The projects were reportedly set to "public" and not protected with a password.

The exposed files contained source code for projects like Samsung's SmartThings platform and Bixby services. They also contained credentials that provided access to the Amazon Web Services account in use, as well as several employees' GitLab tokens, which provided further access.

A Samsung spokesperson told TechCrunch that the company "quickly revoked" all keys and certificates for the platform, reportedly used for testing. But Hussein said he alerted Samsung on April 10, and the company didn't revoke the GitLab keys until April 30. "The real threat lies in the possibility of someone acquiring this level of access to the application source code, and injecting it with malicious code without the company knowing," he told TechCrunch.

To Samsung's knowledge, the exposed files weren't tampered with. But for any company, especially one of this scale, a leak like this could be disastrous. It should also be preventable.
