Samsung accidentally revealed sensitive company Data

Samsung accidentally revealed sensitive company Data

 

Poinwin, tech news - Samsung is said to inadvertently disclose credential data, source code, and secret keys for a number of their projects. The data is thus based on security researcher Mossab Hussein.

Citing Gizmochina's page on Monday (13/5/2019), Samsung inadvertently gave the public access to a number of confidential files in the GitLab development lab.

The worse, secret file of the company was left open for once without a password.

The Data is revealed, contains the credentials for the Amazon Web service account used to develop Samsung services.

In Total, there are 100 storage spaces attached to an AWS account that contains analytics and log data. The employee's GitLab Access Token is also part of the sensitive data found.

Security researchers gain access to a variety of public and private projects with access tokens, increasing the number of projects exposed from 43 to 135.

 "I have a user private token that has full access to all, i.e. 135 projects on GitLab's," says Mosaab Hussein.

Exposed files

 

Most publicly exposed files contain data related to SmartThings and Samsung Bixby services.

Further, Hussein mentions, as a result of this confidential data belonging to Samsung can cause disaster if there are outside parties that manipulate the code.

Simply informed, Samsung has many projects in the Vandev Lab--a Samsung-owned GitLab repository for service development purposes.

The same repository hosts Samsung projects such as the SmartThings and Bixby platforms.

Nevertheless, for now, Samsung has revoked access to all keys and credentials on the testing platform.

The company also conducts further investigation to find evidence of any external access that attempts to enter the file.