It seems that Samsung has suffered the loss of sensitive source code, credentials and secret keys for various internal projects.
According to TechCrunch, independent security researcher Mossab Hussein has discovered dozens of files displayed in a GitLab used by Samsung engineers and hosted in a domain owned by the company.
The exposed files contained source code for projects such as the SmartThings platform and services related to the Bixby voice assistant, credentials that provided access to the Amazon Web service account and the GitLab tokens of different employees.
A Samsung spokesman said the Korean giant quickly "revoked" all the keys and certificates for the platform. Hussein. however, he claims to have alerted Samsung on April 10 and that the company did not revoke the GitLab keys until April 30th. He always says that the real threat is that someone can acquire this level of access to the application's source code and add malware without the company knowing about it.
According to Samsung's knowledge, the exposed files have not been tampered with.