A collection of source code from companies including General Electric, Disney, Microsoft, Motorola, Qualcomm, Adobe, Nintendo and Microsoft has been aggregated and posted online.
The repository was released onto Gitlab by software developer and IT consultant Tillie Kottmann and was collected from publicly available leaked data that had been stored on misconfigured online servers. Kottmann has indicated that the bulk of the records were leaked from SonarQube servers.
While Kottmann insists that they “try” to avoid the release of any data that could be leveraged by hackers, several of the records in the repository include login and password credentials hard-coded into the data. The fallout from this security failure could have serious consequences in the months and years to come.
“I try to do my best to prevent any major things resulting directly from my releases,” Kottmann told online technology and cybersecurity portal BleepingComputer. Kottmann, a self-described hacker, also publicly solicits “confidential info, documents, binaries, or source code” on their Twitter account.
The online repository also includes source code from financial management companies including Fiserv and Mercury Trade Finance Solutions, and at least one bank.