- A Swiss developer has pulled source code from 50 high-profile companies, including Microsoft and Nintendo, and published it in a public online repository on GitLab.
- The leak of mounds of original code behind Nintendo’s classic games has specifically been dubbed “Gigaleak” online.
- According to a report from tech site Bleeping Computer, the developer was able to collect the code thanks to misconfigured tools used by the companies that leave proprietary information exposed, and some firms may not even be aware of the massive leak yet.
- Published source code gives people an inside look at certain company products, but it can also provide cyber attackers and bad actors an easier route for collecting confidential company information.
- Visit Business Insider’s homepage for more stories.
Internal software source code from more than 50 high-profile companies across tech, finance, retail, and other sectors has been leaked online.
Originally reported by the tech site Bleeping Computer, a Swiss developer named Tillie Kottmann was able to pull source code from the likes of Microsoft, Nintendo, Disney, Motorola, and others because of insecure DevOps applications that leave proprietary company information exposed. Kottmann posted the code on the online repository manager GitLab, which anyone can access, tagged under “exconfidential” and “Confidential & Proprietary.” The developer posted a link to the online repository on their Twitter account.
The leaked Nintendo code especially gained attention from the gaming world – it gives an inside look at the source code behind some of the company’s most classic games, as Polygon reports. The leaked Nintendo code has been dubbed the “GigaLeak” online.
Making the source code available for public viewing could allow cyber attackers to more easily scrounge for confidential company information, as security specialist Jake Moore told tech blog Tom’s Guide.
“Losing control of the source code on the internet is like handing the blueprints of a bank to robbers,” Moore told the site.
According to Bleeping Computer, Kottmann is responsive to requests from the companies to take down their source code. A leak that had previously revealed code from Daimler, the parent company to Mercedez-Benz, is no longer listed in the online repository. But some firms, according to the report, may not even notice that their source code has been published online. And even when they are made aware, they may not care – developers at one company simply wanted to know how Kottmann was able to pull the code collection off, per the report, and said to have “a lot of fun.”
Kottmann told Bleeping Computer that they attempt to remove hardcoded credentials, which are embedded credentials generally used to create backdoors, from the companies’ source code before publishing it to avoid an even more robust security breach.
“I try to do my best to prevent any major things resulting directly from my releases,” the developer told the outlet.
Kottmann’s Twitter account bio in part reads “probably leaking your source code right now.” The account’s pinned tweet is a crowdsourcing post asking for “any confidentiality, documents, binaries or source code, which you think should be made available to the public…”