Report: Scotiabank exposed source code and credentials on GitHub repositories

By Bradley Barth for SC Media
Thursday, September 19, 2019

Coulls also claimed to hear from additional financial institutions after the story posted. “Of the big 6 banks in Canada, I’ve now heard from half,” Coulls tweeted. “All were shaking heads. One (unnamed) was panicked and performed an emergency cleanup of all one (1!) found repository.”

“Public code repositories, various code and data sharing projects can greatly facilitate DevSecOps and accelerate agile software development. However, they likewise bring a wide spectrum of critical business risks of inadvertent or careless data leaks exacerbated by third-party developers with insufficient security training,” said Ilia Kolochenko, founder and CEO of ImmuniWeb, in emailed comments. “Cybercriminals are well aware of the situation and are continuously crawling publicly accessible data sources to get sensitive source code, hard-coded credentials and API keys… Large companies need to thoughtfully design a secure software development policy, and properly enforce and monitor it. Regular security training for developers should be an essential part of the policy.”

SC Media has reached out to Scotiabank for comment.
