Harry Sintonen@harrysintonen@infosec.exchange · 2h ago
infosec.exchangeApparently some of the source code of the Sweden's E-Government platform has been stolen from CGI Sverige AB in a "sustained compromise".
The impact of this breach is unclear. In best scenarios the leak of the source code would largely not matter: You should build your systems in a way that access to source code doesn't lead to a compromise.
However, some reporting does mention that some credentials would have leaked as well. This sounds quite bad. However, credentials and keys are typically fairly easy to revoke and update (or this should be the case in most well designed systems).
Don't get me wrong, this is quite terrible. But it might not be as bad as it might initially seem like.
Subscribe to #cgi entries via RSS feed