Hacker Leaks Source Code Allegedly Stolen from Mitsubishi Motors

Mitsubishi Motors North America (MMNA) may have suffered a significant data breach after a cybercriminal named “ayla” posted a series of allegedly stolen internal files on BreachForums. The hacker claims to have obtained and leaked source code, internal projects, and tools from MMNA.

In a post on the forums, the hacker detailed their actions, stating that a breach occurred on October 10, 2024. According to them, the cyberattack targeted a third-party manager working with Mitsubishi Motors North America, ultimately giving the hacker access to sensitive information. The stolen data reportedly includes internal source code for MMNA's contactless bot, Java and XML configurations, tools, and reports, along with other technical assets.

The hacker's post contained a download link to the stolen files, free to any visitor (even non-members). Some of these files may contain development resources related to Mitsubishi Motors' internal systems and project environments. CyberInsider scrutinized the leaked files and also found possible exposure of Mitsubishi's content management system (CMS) configurations, potentially impacting internal documentation and website functionalities.

Threat actor “ayla” expressed a casual and mocking attitude toward the leak, referencing their decision to make the data public after originally considering keeping it private. They further warned other companies that encountering their activities meant it was “too late.”

MMNA is a major player in the U.S. automotive market, focusing on the distribution of Mitsubishi vehicles, parts, and services. As a subsidiary of Mitsubishi Motors Corporation, one of Japan's leading automakers, MMNA serves as a strategic arm in North America, overseeing a large network of dealers. A breach of this magnitude could affect not only the company's internal systems but potentially lead to broader operational disruptions if critical tools and development environments are compromised.

At this time, Mitsubishi Motors North America has not issued an official response to the allegations, and the authenticity of the leaked data has yet to be verified. CyberInsider submitted a request for comment to Mitsubishi, but we have not received a response yet. Hence, the authenticity of the leaked data has not yet been verified.