Mercedes Source Code Leak – Jan 2024

Mercedes-Benz has experienced a data leak involving a compromised security token in a public GitHub repository.

We share the details of this data breach incident below.

Salient points

  • The data breach of Mercedes-Benz code was first brought to the attention of the company by a threat intelligence firm in January 2024.
  • The data breach involved a private key that was part of a public GitHub repository. The key allowed “unrestricted access” to the company’s source code.
  • The exposed GitHub repositories contained Microsoft Azure and Amazon Web Services (AWS) keys, a Postgres database, and Mercedes source code.
  • The compromised private key was first published in September 2023. The actual data breach was reported to Mercedes-Benz by RedHunt Labs in January 2024.
  • The malicious actors could have accessed Mercedes’ source code, extracting intellectual property, reports, files, credentials, and other sensitive, valuable information.
  • The leaked private key was first detected by RedHunt Labs as part of generic Internet security scans on 11 January 2024.
  • A summary of the data breach was first published in the public domain on 29 January 2024. The threat intelligence firm has shared the incident on its blog.
  • Mercedes-Benz has acknowledged the data breach. It has termed the leak of private keys a ‘human error’.
  • As a remediation action, Mercedes-Benz has revoked the private key and removed the public GitHub repository.
  • Further cleanup may be needed across the shared repositories of Mercedes-Benz to contain the compromise.
  • The data breach was unintentional.
  • The type, extent, and scale of the data breach or theft are unconfirmed. It is unclear if the customer data of Mercedes-Benz was breached.
  • The shares of Mercedes-Benz have largely remained unaffected. As of writing this, the shares of Mercedes-Benz are trading above €62.
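
The token and key types named in the points above (a GitHub token, AWS and Azure keys, a Postgres database) can be flagged by scanning file content before it is pushed to a public repository. The following is an added example, not code from RedHunt Labs or Mercedes-Benz; the rule set, function names and sample files are assumptions constructed for illustration.

```python
import re

# Rules for the credential types named in the article. Token prefixes follow
# the vendors' published formats; the Azure and Postgres rules are heuristics.
RULES = {
    "github_token": re.compile(r"\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "azure_storage_key": re.compile(r"AccountKey=[A-Za-z0-9+/]{86}=="),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"),
    "postgres_url_password": re.compile(r"\bpostgres(?:ql)?://[^\s:/@]+:[^\s@]+@"),
}


def redact(secret, keep=4):
    """Keep a short prefix for triage; never echo the full secret into a report."""
    return secret[:keep] + "*" * (len(secret) - keep)


def scan_text(path, text):
    """Return (path, line_number, rule_name, redacted_match) for every hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for match in pattern.finditer(line):
                findings.append((path, line_no, rule, redact(match.group(0))))
    return findings


def scan_files(files):
    """Scan a {path: content} mapping, e.g. the files staged for a commit."""
    return [f for path, text in sorted(files.items()) for f in scan_text(path, text)]


# Constructed sample repository content. Every value below is fake.
SAMPLE_FILES = {
    "ci/deploy.sh": 'export GH_TOKEN="ghp_' + "A" * 36 + '"\n./deploy.sh\n',
    "config/aws.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nREGION=eu-central-1\n",
    "config/db.yaml": "url: postgresql://app:s3cr3t@db.internal.example:5432/cars\n",
    "README.md": "Set GH_TOKEN in your shell before running the deploy script.\n",
}

if __name__ == "__main__":
    for path, line_no, rule, shown in scan_files(SAMPLE_FILES):
        print(f"{path}:{line_no}: {rule}: {shown}")
```

Running the same function over the output of `git log -p --all` also covers secrets that were committed and later deleted, which is relevant to the further cleanup mentioned above.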

About RedHunt Labs

RedHunt Labs is a threat intelligence firm. It has its headquarters in London and an operational center in India.

The company performs security scans and threat assessments for clients. You can find more information about RedHunt Labs on their website.

RedHunt Labs, a UK-based cyber security company, has launched its Attack Surface Management Platform NVADR for organizations to gain holistic visibility of their perimeter security. NVADR provides Continuous Asset Discovery as well as Data Leak Monitoring through its widespread distributed collectors and notifies organizations when a new asset, data leak, or security vulnerability belonging to the organization surfaces on the internet.

About Mercedes Benz

The Mercedes-Benz Group AG (former Daimler AG) is one of the world’s most successful automotive companies. With Mercedes-Benz AG, we are one of the leading global suppliers of high-end passenger cars and premium vans. Mercedes-Benz Mobility AG offers financing, leasing, car subscription and car rental, fleet management, digital services for charging and payment, insurance brokerage, as well as innovative mobility services.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.