Source codes from dozens of companies’ repositories appear on GitLab server

The source codes of dozens of companies’ repositories have appeared online. A developer found them, got them, and posted them publicly on GitLab. These are repos from tech companies such as Adobe and Lenovo, but also from Disney, for example.

The repos contain source code from internal systems. They were collected by a developer called Tillie Kottmann, who managed to collect the repos through different channels. In some cases it concerns old code that has now been put online by developers themselves, but Kottmann tells Bleeping Computer that the code is often also on poorly configured servers and is therefore publicly accessible. For example, Kottmann looks at servers running the code auditing platform SonarQube. Kottmann asks the audience on Twitter however also about new source codes.

The repos were viewed by, among others security researcher Bank Security. He mainly looked at code from banks and fintech companies, but the repos also come from companies such as Microsoft, Qualcomm, Motorola, Adobe and Disney. Kottmann has placed the repos in its own GitLab repository, but it is currently offline.

Hard-coded passwords and authentication tools could be found in some repos. That credentials are by Kottmann in their own words, removed as much as possible, although that is probably not the case everywhere. It is also unclear whether the repos contain private or confidential information. Kottmann tells Bleeping Computer that any takedown requests will be honored.