Excerpt from EconomicTimes Article – Published on Feb 05, 2024
A recent report from RedHunt Labs has unveiled a significant data exposure incident involving Mercedes-Benz, where sensitive information such as database connection strings, cloud access keys, blueprints, design documents, single sign-on (SSO) passwords, and API keys were compromised. The breach, which originated from a GitHub token leak, exposed critical internal data, including intellectual property and access credentials. It was discovered that the leak stemmed from a Mercedes-Benz employee’s GitHub token, which was found in a public repository on September 29. This token granted unrestricted access to the car manufacturer’s internal GitHub Enterprise Server.
The vulnerability that the leaked token presented raised concerns about potential cyber threats because it could have allowed attackers to exploit Mercedes’ source code for valuable intellectual property, reports, files, and credentials, posing a serious security risk to the company. Despite the token being leaked in September, researchers only discovered the breach on January 11, prompting Mercedes-Benz to revoke the token on January 24. The delay in detection suggests that unauthorized access to Mercedes’ GitHub Enterprise Server may have occurred undetected for several months, heightening concerns about the extent of the breach and its potential ramifications.
RedHunt Labs researchers highlighted the severity of the situation, emphasizing that the exposure of the GitHub token linked to Mercedes-Benz’s GitHub Enterprise Server could enable adversaries to access and exfiltrate the organization’s entire source code. Such access could lead to a severe data breach, compromising highly sensitive credentials and posing significant risks to Mercedes-Benz’s operations and reputation. Mercedes-Benz, a prominent premium vehicle brand operating under Mercedes-Benz Group AG, boasts annual revenues exceeding €133 billion ($144 billion) and a global workforce of over 170,000 employees.
The incident underscores the critical importance of robust cybersecurity measures and vigilant monitoring to safeguard sensitive data and protect against unauthorized access and data breaches in an increasingly digitized business landscape. As companies continue to grapple with evolving cybersecurity threats, proactive measures are essential to mitigate risks and preserve the integrity of organizational data and assets.
To delve deeper into this topic, please read the full article in EconomicTimes.