Mercedes-Benz Accidentally Leaks Source Code on GitHub Due to Employee Error

 


Mercedes-Benz suffered a data breach after an employee’s GitHub token was inadvertently exposed in a public repository. Security researcher Shubham Mittal discovered the exposure this month, prompting the car manufacturer to revoke the token and take the affected repository offline.

The leaked token, according to Mittal, granted unrestricted access to Mercedes’ GitHub Enterprise Server, potentially compromising sensitive documents, source code, and passwords. While it remains uncertain whether any customer data was compromised, TechCrunch reports that the leaked content contained crucial information pertaining to the company.

Upon being notified by TechCrunch about the leak on Monday, Mercedes-Benz swiftly responded by revoking the token and shutting down the repository by Wednesday. A spokesperson attributed the incident to human error and assured that an investigation is underway to assess the extent of the breach and any potential impact on data security. As of now, it remains unclear if the leak was exploited by other parties.