A developer and reverse engineer going by the name Tillie Kottmann has pulled source code from high-profile companies, including Microsoft, Adobe, AMD, Disney, Motorola, Nintendo, Qualcomm, Mediatek, Roblox, GE Appliances and more, and has published it on GitLab.
Kottmann collected the data by searching misconfigured DevOps tools and several other tools. After recovering the data, he tagged it under “exconfidential” and “Confidential & Proprietary”, and it can be accessed by anyone.
As reported by Bank Security, not all of the repositories posted with the data have content, but some folders contain hard-coded credentials. One of the major highlights of the fiasco is the leaked Nintendo source code, which includes some of the classic games.
Dubbed the “GigaLeak”, the data leak contains source code from classic games such as Super Mario Kart, The Legend of Zelda: A Link to the Past, and Yoshi’s Island.
Speaking to Bleeping Computer, Kottmann says he has tried to remove the hard-coded credentials from the posted data to avoid giving hackers an opportunity to misuse them.
The Swiss developer released the data without informing the companies involved in the leak. However, he is willing to accept takedown requests from companies if they want to get their data removed from the repositories.
Interestingly, there are companies (at least one) that have asked Kottmann how he managed to access the data instead of asking him to remove it.
Kottmann believes that there are more companies with exposed source code, and he attributes this to misconfigured DevOps tools and unsecured SonarQube (an open-source code-auditing platform) installations.