Samsung SmartThings leaked code and keys


#1

Wow!

"one project contained credentials that allowed access to the entire AWS account that was being used, including over a hundred S3 storage buckets that contained logs and analytics data."

“I had the private token of a user who had full access to all 135 projects on that GitLab,” he said, which could have allowed him to make code changes using a staffer’s own account.

The exposed GitLab instance also contained private certificates for Samsung’s SmartThings’ iOS and Android apps.

Source:


#2

Samsung is a travesty of a company.