Mercedes-Benz data inadvertently leaked

TechCrunch reports that Mercedes-Benz was discovered by RedHunt Labs to have had its internal data unintentionally leaked as a result of an internet-exposed employee authentication token on GitHub. Such GitHub token enabled access to the German luxury and commercial automaker's repositories, which included its Postgres database, Amazon Web Services and Microsoft Azure keys, and source code, according to RedHunt Labs co-founder and Chief Technology Officer Shubham Mittal. "The repositories include a large amount of intellectual property connection strings, cloud access keys, blueprints, design documents, [single sign-on] passwords, API Keys, and other critical internal information," said Mittal. Mercedes-Benz disclosed that the API token has already been revoked while attributing the publication of the source code on a public repository to human error. "We will continue to analyze this case according to our normal processes. Depending on this, we implement remedial measures," said Mercedes-Benz spokesperson Katja Liesenfeld, who did not specify whether the internet-exposed data had been subjected to unauthorized third-party access.