Mercedes revoked the leaked token on January 24, just two days after learning of the incident, a rapid response to the security breach.
An internet scan uncovered a leaked token in the employee’s GitHub repository, allowing unrestricted and unmonitored access to the source code.
RedHunt dated the breach to September 29, 2023, but didn’t discover it until January 11, 2024. Mercedes promptly revoked the leaked token on January 24, just two days after learning of the incident.
RedHunt noted, “Mercedes-Benz confirmed the leak, recognized the severity, and took immediate action by revoking the relevant API token.”
Throughout the exposure period, an attacker could have utilized the token to access API keys, blueprints, cloud access keys, database connection strings, design documents, files, reports, source code, SSO passwords, and other crucial internal information, according to RedHunt.
The cybersecurity firm highlighted that the impact of the data breach extends beyond intellectual property exposure, potentially causing significant financial consequences, legal violations, and reputational damage.
RedHunt emphasized that the leaked GitHub token for Mercedes’s GitHub Enterprise Server creates a gateway for potential adversaries to access and download the entire source code, exposing highly sensitive credentials and creating the conditions for a severe data breach against Mercedes.
In October 2023, Palo Alto Networks warned that it had observed threat actors harvesting IAM credentials leaked in public GitHub repositories within minutes of exposure.
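The token in this story sat in a public repository from September 29 until an internet scan found it on January 11, and credentials in public repositories are typically harvested far faster than that. The following is an added example, not code from the article, RedHunt, or Mercedes: a small defender-side scanner that flags GitHub token formats in files (for use in a pre-commit hook or a scheduled repository sweep) and reports only a redacted form so the finding itself does not leak the secret. The token prefixes are GitHub's published ones; the length heuristics and the sample files are assumptions constructed for the example.

```python
import re
from typing import NamedTuple

# GitHub issues prefixed tokens: classic PAT (ghp_), OAuth (gho_), user-to-server (ghu_),
# server-to-server (ghs_), refresh (ghr_) and fine-grained PAT (github_pat_).
# The character counts are a detection heuristic assumed for this example, not an official spec.
GITHUB_TOKEN_RE = re.compile(
    r"\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59})\b"
)


class Finding(NamedTuple):
    path: str
    line_no: int
    redacted: str  # never write the full secret to a log or ticket


def redact(token: str) -> str:
    """Keep the prefix and the last 4 characters so the owner can tell which token leaked."""
    prefix = "github_pat_" if token.startswith("github_pat_") else token[:4]
    return prefix + "*" * (len(token) - len(prefix) - 4) + token[-4:]


def scan_text(path: str, text: str) -> list[Finding]:
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for m in GITHUB_TOKEN_RE.finditer(line):
            findings.append(Finding(path, n, redact(m.group(0))))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """files maps path -> content; in a pre-commit hook this would be the staged changes."""
    out: list[Finding] = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample input: a deployment config with a fake classic PAT pasted into it.
SAMPLE_FILES = {
    "deploy/config.yml": "registry: ghes.example.internal\ntoken: ghp_" + "A" * 36 + "\n",
    "README.md": "Read GITHUB_TOKEN from the environment; never commit it.\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no}: possible GitHub token {f.redacted}")
```

A hit should block the commit and trigger revocation of the token, which is the step that actually closed the exposure in this case.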
Earlier this month, GitHub rotated credentials upon discovering a vulnerability in GitHub.com and GitHub Enterprise Server that could have allowed access to credentials within a production container.