Recently, a security researcher found that Samsung engineers were leaking highly sensitive data, such as source code and secret keys, from the development lab.
The company had left many internal coding projects on a GitLab instance hosted on the company’s own domain. This instance was used to contribute code to many of Samsung’s apps. It was spilling data because these projects were set to public and not protected with a password, which allowed anyone to view the code and download it.
According to Mossab Hussein, a security researcher at SpiderSilk, a Dubai-based cybersecurity firm, one of the projects contained important credentials that could give access to the entire AWS account. That included more than 100 S3 storage buckets containing analytics and log data.
Mossab Hussein is a white-hat hacker and the discoverer of the data breach. In the following days, Samsung started revoking the AWS credentials, but it is still unknown whether the remaining certificates have been revoked.
Hussein also said that many folders contained analytics of Samsung’s Bixby services. They also included the private data of several employees.
However, Samsung denied his claim and told him that the files were used for testing, but Hussein challenged the claim.
A few months ago, Hussein also reported security vulnerabilities in the back-end database at Blind, a social networking site popular among Silicon Valley employees.
Samsung will surely look into such security issues and improve on them.