Samsung
April 1, 2019
2552 days ago
Undisclosed
Confirmed
Misconfiguration
Retail
A security researcher revealed that sensitive information, including source code, credentials and secret keys, had been made accessible on GitLab. Mossab Hussein, a security researcher at SpiderSilk, discovered dozens of exposed files and credentials to the entire AWS account that was being used on GitLab. Many of the files contained logs, analytics data, and the source code for the Samsung smart home ecosystem, SmartThings and Bixby services. The files also contained several employees' credentials, which had been stored in plaintext. Shockingly, Hussein was able to gain access to nearly 135 projects. Samsung's internal code was exposed on GitLab because it had been configured as public without any password protection, meaning that anyone could access the projects and download the source code.