A developer and reverse engineer with the name Tillie Kottmann has extracted source codes from leading companies including Microsoft, Adobe, AMD, Disney, Motorola, Nintendo, Qualcomm, Mediatek, Roblox, GE Appliances and more, and posted them to GitLab.
Kottmann collected the data by researching misconfigured DevOps tools and several other tools. After retrieving the data, it tagged it as "exconfidential" and "confidential and proprietary" and is accessible to anyone.
As reported by Banking security, not all repositories published with the data have content, but some folders have hard-coded credentials. One of the main highlights of the fiasco is Nintendo's leaked source code which contains some of the classic games.
Dubbed the "GigaLeak", the data leak contains source codes from classic games like Super Mario Kart, The Legend of Zelda: A Link to the Past and Yoshi's Island.
Talk to Bleeping computer, Kottmann says he tried to remove hard-coded credentials from published data to avoid giving hackers the chance to misuse them.
The Swiss developer released the data without notifying the companies involved in the leak. However, it is prepared to accept opt-out requests from companies if they want their data removed from repositories.
Interestingly, there are companies (at least one) that have asked Kottmann how he got into the data instead of asking him to delete it.
Kottmann believes there are more companies with exposed source codes and he attributes this to poorly configured DevOps installations and unsecure SonarQube (an open-source code auditing platform).