14 May 2019
It seems Samsung let its guard down and will now pay a hefty price for it. As revealed by security researcher Mossab Hussein, Samsung has leaked sensitive data, including credentials, source code and even secret keys for numerous upcoming projects. The company supposedly uploaded the files to GitLab by accident, without even safeguarding them with a password.
Among the numerous leaked credentials were the login credentials for the Amazon Web Services account the company uses to develop Samsung’s services. Supposedly, 100 S3 storage buckets were revealed as a result of this goof-up. To make matters worse, even the GitLab access tokens of Samsung’s employees were revealed during this mishap. Here’s what Hussein had to say about his ability to access the data:
“I had the private token of a user who had full access to all 135 projects on that GitLab.”
Most of the revealed data relates mainly to Samsung’s services like SmartThings and Bixby. Samsung has taken measures and revoked access for all the keys and credentials on the testing platform. The company will also look further into the matter to see whether any information could have been stolen or tampered with.