All the contents of the internal Git repository of Nissan North America were in the public domain. The source code of the automaker's applications, diagnostic software and web services was leaked because of the administrator account, which used the default password.

The information was downloaded from a Git server powered by the Bitbucket platform. To gain access to this repository, the standard “admin” account with the password “admin” could be used. This was used by the attackers who stole the data and made it publicly available.

According to available data, the source code of mobile applications, diagnostic software, NCAR and ICAR services, an information system for interaction with dealers, a portal for logistics management, server backends, internal information systems, automotive services, several programs were stolen from the Nissan Git repository for customer service, marketing and sales management.

Analysis of the publicly available data showed that the code of the ASIST diagnostic system uses the outdated RC4 algorithm with a hard-coded Amalesh key to encrypt the password.

Sometimes it is just idiots inside, you know.