
What the terrifying Mercedes-Benz Hack means for the future of AI & Self-Driving Cars

Simpler Hacking
8 min read · Jan 30, 2024


Mercedes-Benz recently suffered a data breach that exposed internal source code and other proprietary information after an employee authentication token was accidentally left in a public GitHub repository.

The breach was discovered in 2024 by researchers at cybersecurity firm RedHunt Labs during a routine internet scan.

The publicly accessible token provided unrestricted access to Mercedes’ private GitHub Enterprise database, allowing anyone to download sensitive intellectual property, including:

  • Internal source code for vehicle components, features, apps, etc.
  • Cloud platform credentials for Azure and AWS
  • Connection strings and passwords for internal databases and systems
  • API keys for internal services and third-party integrations
  • Detailed engineering documentation, blueprints, and design documents
  • Proprietary algorithms and logic used in Mercedes’ industry-leading driver assistance features

While Mercedes quickly revoked the token and removed the public repository once notified, the exposure lasted approximately 4 months, leaving plenty of opportunity for malicious actors
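A check that catches this class of mistake before a commit leaves a developer's machine, as an added example (not from the original article, Mercedes-Benz or RedHunt Labs). It scans the lines a unified diff adds for GitHub's documented token prefixes; the article does not say which token type was exposed, so the patterns, file name and sample token below are assumptions constructed for illustration.

```python
import re

# GitHub's documented token prefixes: ghp_ (classic PAT), gho_, ghu_, ghs_, ghr_,
# and github_pat_ (fine-grained PAT). Which kind leaked here is not stated (assumption).
TOKEN_RE = re.compile(r"\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{82})\b")
HUNK_RE = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)")  # captures the new-file start line


def redact(token):
    """Keep the prefix and last 4 characters so the report never re-leaks the secret."""
    prefix = "github_pat_" if token.startswith("github_pat_") else token[:4]
    return f"{prefix}...{token[-4:]}"


def scan_diff(diff_text):
    """Return (file, line_no, redacted_token) for tokens on lines the diff adds."""
    findings, path, new_line = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):            # new-file header
            path = line[4:].removeprefix("b/")
        elif line.startswith("@@"):            # hunk header resets the line counter
            match = HUNK_RE.match(line)
            new_line = int(match.group(1)) if match else 0
        elif line.startswith("+"):             # added line: the only place we flag
            for token in TOKEN_RE.findall(line[1:]):
                findings.append((path, new_line, redact(token)))
            new_line += 1
        elif line.startswith(" "):             # context line advances the counter
            new_line += 1
        # removed lines ("-") do not exist in the new file, so they are skipped
    return findings


# Constructed sample: a fake token with the classic-PAT shape, built at runtime.
FAKE_TOKEN = "ghp_" + "x" * 32 + "AB12"
SAMPLE_DIFF = (
    "--- a/deploy/ci.env\n"
    "+++ b/deploy/ci.env\n"
    "@@ -1,3 +1,3 @@\n"
    " REGION=eu-central-1\n"
    "-GH_TOKEN=\n"
    f"+GH_TOKEN={FAKE_TOKEN}\n"
    " STAGE=prod\n"
)

if __name__ == "__main__":
    for path, line_no, token in scan_diff(SAMPLE_DIFF):
        print(f"{path}:{line_no}: GitHub token {token}")
```

To use it as a pre-commit gate, pass the output of `git diff --cached` to `scan_diff` and fail the commit when the result is non-empty. A token that has already been pushed to a public repository must be revoked, since deleting the commit does not undo the exposure.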

Written by Simpler Hacking

Security Architect. Ex-Big Tech. @hackerone @simplerhacking @NVIDIA Learn More: www.simplerhacking.com
