- A Swiss developer extracted the source code from 50 high-profile companies, including Microsoft and Nintendo, and published it in a public online repository on GitLab.
- The leak of a large amount of original code behind classic Nintendo games has been dubbed “Gigaleak” online.
- According to a report from tech site Bleeping Computer, the developer was able to collect the code because companies were using poorly configured tools that expose proprietary information, and some companies may not yet be aware of the massive leak.
- The published source code gives people an inside look at certain company products, but it can also provide cyber attackers and bad actors with an easier route to gather confidential company information.
The internal software source code of more than 50 high-profile companies in technology, finance, retail and other sectors has been leaked online.
As first reported by tech site Bleeping Computer, a Swiss developer named Tillie Kottmann was able to extract the source code from Microsoft, Nintendo, Disney, Motorola and others because of insecure DevOps applications that expose the companies’ information. Kottmann published the code, labeled “ex-confidential” and “Confidential and proprietary,” on the online repository manager GitLab, where anyone can access it. The developer posted a link to the online repository on their Twitter account.
Nintendo’s leaked code especially caught the attention of the gaming world: It offers an inside look at the source code behind some of the company’s most classic games, as Polygon reports. Nintendo’s leaked code has been dubbed “GigaLeak” online.
Making the source code available for public viewing could allow cyber attackers to more easily search for confidential company information, as security specialist Jake Moore told technology blog Tom’s Guide.
“Losing control of source code on the Internet is like handing over a bank blueprint to thieves,” Moore told the site.
According to Bleeping Computer, Kottmann responds to companies’ requests to remove their source code. Previously leaked code from Daimler, the parent company of Mercedes-Benz, is no longer listed in the online repository. But some companies, according to the report, may not even realize that their source code has been published online. And even when they’re informed, they may not care: Developers at one company simply wanted to know how Kottmann was able to collect the code, according to the report, and said they “had a lot of fun.”
Kottmann told Bleeping Computer that they try to remove hard-coded credentials, which are embedded credentials generally used to create backdoors, from companies’ source code before releasing it, to avoid an even greater security breach.
“I try to do everything possible to avoid anything important that results directly from my releases,” the developer told the outlet.
Kottmann’s Twitter bio says in part, “I’m probably leaking your source code right now.” The account’s pinned tweet is a crowdsourcing post requesting “any confidentiality, documents, binary files or source code, which you think should be available to the public …”