RedHunt Labs recently reported that a Mercedes-Benz employee leaked a GitHub token that provided unrestricted access to Mercedes source code stored in an internal GitHub Enterprise Server. The breach occurred on September 29, 2023, and the RedHunt Labs team discovered the leak on January 11. Mercedes-Benz revoked the compromised GitHub token on January 24, two days after RedHunt notified them of the security breach. During the breach, an attacker could have accessed extensive intellectual property within the Mercedes source code, including API keys, blueprints, cloud access keys, and various other sensitive information. RedHunt noted that the leak could have been much worse if attackers had downloaded the entire source code and mined it for sensitive credentials, which would have exposed the company to persistent attacks.
Read More:
https://www.securityweek.com/leaked-github-token-exposed-mercedes-source-code/