{"id":7087,"date":"2025-07-22T09:59:49","date_gmt":"2025-07-22T09:59:49","guid":{"rendered":"https:\/\/gitprotect.io\/blog\/?p=7087"},"modified":"2025-07-22T09:59:52","modified_gmt":"2025-07-22T09:59:52","slug":"devops-security-failures-big-names-attacked","status":"publish","type":"post","link":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/","title":{"rendered":"Dev Platform Breaches: How GitHub, Jira &amp; Confluence Exposed Mercedes, Apple, Disney &amp; Others"},"content":{"rendered":"\n<p>Welcome to the DevOps multiverse. Here, code is currency, while platforms like GitHub, Jira, and Confluence power critical infrastructure. Here, even the smallest misstep can trigger a chain reaction measured in gigabytes of leaked data, thousands of compromised credentials, and millions of dollars in financial losses, not to mention reputational damage.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>These risks aren&#8217;t theoretical. Breaches at household-name enterprises expose a harsh truth: DevOps pipelines have become the new battleground for cyberattacks. What connects Mercedes-Benz, Apple, Cisco, and The New York Times? All became victims of DevOps security failures, proving that even tech giants aren&#8217;t immune when code meets cybersecurity complacency.<\/p>\n\n\n\n<p>Key insights:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#mercedes\">Mercedes: 270GB of proprietary code exposed via leaked GitHub token<\/a><\/li>\n\n\n\n<li><a href=\"#nyt\">New York Times: 210GB internal data leaked, including Wordle source code<\/a><\/li>\n\n\n\n<li><a href=\"#apple\">Apple: Internal Jira &amp; Confluence tools leaked<\/a><\/li>\n\n\n\n<li><a href=\"#disney\">Disney: 2.5GB of corporate secrets stolen by Club Penguin fans<\/a><\/li>\n\n\n\n<li><a href=\"#schneider\">Schneider Electric: 400K rows of user data stolen, $125K ransom demanded<\/a><\/li>\n\n\n\n<li><a href=\"#cisco\">Cisco: GitHub breach leaked source code, AWS keys, and Jira tickets<\/a><\/li>\n\n\n\n<li><a href=\"#wordpress\">WordPress: 390K+ credentials stolen via fake GitHub repo<\/a><\/li>\n\n\n\n<li><a href=\"#winrar\">Fake WinRAR: Site distributed malware via GitHub<\/a><\/li>\n\n\n\n<li><a href=\"#python\">Python: Leaked GitHub token threatened core PyPI repositories<\/a><\/li>\n<\/ul>\n\n\n\n<p>Continue reading for a detailed analysis of these breaches, or check the complete<em> <\/em><a href=\"https:\/\/gitprotect.io\/docs\/gitprotect-ciso-guide-to-devops-threats-2025.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">CISO\u2019s Guide to DevOps Threats<\/a>.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Global Cybersecurity Landscape at a Glance<\/h2>\n\n\n\n<p>Globally, cyber attacks occur with <a href=\"https:\/\/bizplanr.ai\/blog\/cyber-security-statistics\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">alarming frequency<\/a> \u2013 roughly one every 39 seconds \u2013 amounting to over 2,000 incidents each day. This relentless pace fuels a massive economic toll: cybercrime is projected to cost the global economy $10.5 trillion annually by 2025, climbing to $15.63 trillion by 2029, according to <a href=\"https:\/\/cybersecurityventures.com\/hackerpocalypse-cybercrime-report-2016\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cybersecurity Ventures.<\/a> The United States alone accounts for <a href=\"https:\/\/www.embroker.com\/blog\/cyber-attack-statistics\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">59% of ransomware attacks,<\/a> and <a href=\"https:\/\/newsroom.ibm.com\/2024-07-30-ibm-report-escalating-data-breach-disruption-pushes-costs-to-new-highs\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">70% of data breaches<\/a> cause significant operational disruptions. The ripple effect doesn\u2019t stop at the breached company \u2014 it also hits business partners, clients, and entire supply chains, amplifying the overall impact of the attack.<\/p>\n\n\n\n<p>The notion of complete immunity has always been a myth. Even the biggest organizations remain vulnerable.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"mercedes\">Mercedes: 270GB of proprietary code exposed via leaked GitHub token<\/h2>\n\n\n\n<p>Due to a mishandled GitHub token, Mercedes-Benz&#8217;s source code was exposed to the public. A Mercedes-Benz employee leaked a GitHub token in their repository, granting unrestricted access to all source code on the company\u2019s GitHub Enterprise server. During the exposure, attackers could have accessed critical information, including API keys, design documents, database credentials, and other sensitive data, which could have potentially caused financial, legal, and reputational damage.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"nyt\">New York Times: 270GB internal data leaked, including Wordle source code<\/h2>\n\n\n\n<p>270GB of internal data belonging to The New York Times was exposed, including alleged source code for Wordle, internal communications, and sensitive authentication credentials linked to over 5,000 GitHub repositories. The New York Times confirmed that the incident involved the inadvertent exposure of credentials to a third-party code platform. However, the organization stated that no unauthorized access to its internal systems had been detected and that operations remained unaffected.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"apple\">Apple: Internal Jira &amp; Confluence tools leaked<\/h2>\n\n\n\n<p>In June 2024, a threat actor known as IntelBroker claimed responsibility for a breach of Apple\u2019s internal authentication infrastructure. The leaked data included proprietary plugins and configurations used to integrate AppleConnect-SSO with Jira and Confluence, posing significant supply chain risks. According to cybersecurity firm AHCTS, the breach did not affect end-user services.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"disney\">Disney: 2.5GB of corporate secrets stolen by Club Penguin fans<\/h2>\n\n\n\n<p>Club Penguin fans exploited Disney\u2019s Confluence server to access old internal game data but inadvertently stole 2.5 GB of sensitive corporate information, including developer tools, internal infrastructure, advertising plans, and business documentation. The breach occurred using previously exposed credentials and included internal API endpoints, S3 bucket credentials, and links to developer resources, potentially increasing Disney\u2019s exposure to further attacks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"schneider\">Schneider Electric: 400K rows of user data stolen, $125K ransom demanded<\/h2>\n\n\n\n<p>Schneider Electric confirmed a breach involving its internal project tracking platform, hosted in an isolated environment. The threat actor, known as \u201cGrep,\u201d claims to have accessed the company\u2019s Jira server using exposed credentials and stolen 40GB of data, including 400K rows of user information, 75K unique email addresses, and other critical project data. The stolen information reportedly includes details about projects, issues, and plugins, and the attackers have demanded $125,000 to prevent a data leak.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"cisco\">Cisco: GitHub breach leaked source code, AWS keys, and Jira tickets<\/h2>\n\n\n\n<p>Cisco confirmed that some files were stolen after hacker IntelBroker claimed access to source code, credentials, and other sensitive data via GitHub and a SonarQube project. While no internal systems were breached, the attacker exploited a public-facing DevHub used for customer resources. Cisco reported that only a limited number of files were exposed, with no sensitive personal or financial data found.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"wordpress\">WordPress: 390K+ credentials stolen via fake GitHub repo<\/h2>\n\n\n\n<p>A malicious GitHub repository enabled the exfiltration of 390K+ credentials, primarily targeting WordPress accounts, through a fake tool called \u201cYet Another WordPress Poster\u201d. The repository, associated with a threat actor dubbed MUT-1244, also deployed malware via a rogue npm dependency and phishing emails. Victims included pentesters, security researchers, and malicious actors who inadvertently exposed sensitive data such as SSH private keys and AWS credentials. MUT-1244\u2019s tactics included creating trojanized GitHub repositories hosting fake PoC exploit code and employing phishing emails to deliver payloads like cryptocurrency miners and data theft tools.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"winrar\">Fake WinRAR: The site distributed malware via GitHub<\/h2>\n\n\n\n<p>Security researchers at SonicWall uncovered a fake WinRAR website (winrar[.]co) hosting a malicious shell script designed to download further malware from a GitHub repo named \u201cencrypthub.\u201d The repository contained ransomware, crypto mining software, information stealers, and injection tools, with harvested system data sent to a Telegram account \u2014 illustrating the danger of typosquatting and weaponized open-source infrastructure.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"python\">Python: Leaked GitHub token threatened core PyPI repositories<\/h2>\n\n\n\n<p>Researchers at JFrog identified a leaked GitHub token embedded in a public Docker container, granting access to sensitive PyPI repositories. The token, belonging to PyPI admin Ee Durbin, was exposed due to misconfigured GitHub API usage. Although the token was quickly revoked, it posed a critical supply chain risk. Separately, Checkmarx reported malicious PyPI packages exfiltrating data via Telegram bots.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The untold impact of DevOps data leaks<\/h2>\n\n\n\n<p>While DevOps breaches at companies such as Mercedes-Benz, Apple, The New York Times, and Cisco often make headlines, the true cost of these incidents is rarely disclosed.&nbsp;<\/p>\n\n\n\n<p>At first glance, the impact may appear limited to brief negative press or a dent in reputation. But beneath the surface, the real price tag can be far more significant, ranging from:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>costly data recovery and environmental restoration,<\/li>\n\n\n\n<li>loss of competitive edge due to exposed code or strategic plans, disruptions to business continuity,<\/li>\n\n\n\n<li>to potential regulatory penalties.<\/li>\n<\/ul>\n\n\n\n<p>The bottom line? Most organizations downplay the full scope of these incidents in public statements. Yet the sheer scale of the leaks\u2014hundreds of gigabytes of data, millions of records, and sensitive internal repositories\u2014reveals a much deeper, and likely more damaging, reality.<\/p>\n\n\n\n<p class=\"has-background\" style=\"background-color:#f4fafe\">To dive deeper into these incidents and uncover emerging trends in cyberattacks targeting DevOps environments\u2014including threats like Lumma Stealer, NJRat, fake GitHub repositories, and GitLab exploits\u2014read the full<a href=\"https:\/\/gitprotect.io\/docs\/gitprotect-ciso-guide-to-devops-threats-2025.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"> <em>CISO\u2019s Guide to DevOps Threats<\/em><\/a>.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to the DevOps multiverse. Here, code is currency, while platforms like GitHub, Jira, and Confluence power critical infrastructure. Here, even the smallest misstep can trigger a chain reaction measured in gigabytes of leaked data, thousands of compromised credentials, and millions of dollars in financial losses, not to mention reputational damage.<\/p>\n","protected":false},"author":17,"featured_media":6989,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-7087","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","post--single"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Dev Platform Breaches: How GitHub, Jira &amp; Confluence Exposed Mercedes, Apple, Disney &amp; Others - Blog | GitProtect.io<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Dev Platform Breaches: How GitHub, Jira &amp; Confluence Exposed Mercedes, Apple, Disney &amp; Others - Blog | GitProtect.io\" \/>\n<meta property=\"og:description\" content=\"Welcome to the DevOps multiverse. Here, code is currency, while platforms like GitHub, Jira, and Confluence power critical infrastructure. Here, even the smallest misstep can trigger a chain reaction measured in gigabytes of leaked data, thousands of compromised credentials, and millions of dollars in financial losses, not to mention reputational damage.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog | GitProtect.io\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XoperoSoftware\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-22T09:59:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-22T09:59:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/Raport-okladka-1200x600-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Nina P\u0105czka, PR &amp; Brand Manager at GitProtect\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@GitProtectio\" \/>\n<meta name=\"twitter:site\" content=\"@GitProtectio\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nina P\u0105czka, PR &amp; Brand Manager at GitProtect\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/\"},\"author\":{\"name\":\"Nina P\u0105czka, PR &amp; Brand Manager at GitProtect\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/50a3a03a01bfdb97e04872546787db53\"},\"headline\":\"Dev Platform Breaches: How GitHub, Jira &amp; Confluence Exposed Mercedes, Apple, Disney &amp; Others\",\"datePublished\":\"2025-07-22T09:59:49+00:00\",\"dateModified\":\"2025-07-22T09:59:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/\"},\"wordCount\":1178,\"publisher\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/Raport-okladka-1200x600-1.png\",\"articleSection\":[\"News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/\",\"url\":\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/\",\"name\":\"Dev Platform Breaches: How GitHub, Jira &amp; Confluence Exposed Mercedes, Apple, Disney &amp; Others - Blog | GitProtect.io\",\"isPartOf\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/Raport-okladka-1200x600-1.png\",\"datePublished\":\"2025-07-22T09:59:49+00:00\",\"dateModified\":\"2025-07-22T09:59:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#primaryimage\",\"url\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/Raport-okladka-1200x600-1.png\",\"contentUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/Raport-okladka-1200x600-1.png\",\"width\":1200,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\/\/gitprotect.io\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Dev Platform Breaches: How GitHub, Jira &amp; Confluence Exposed Mercedes, Apple, Disney &amp; Others\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#website\",\"url\":\"https:\/\/gitprotect.io\/blog\/\",\"name\":\"GitProtect.io Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/gitprotect.io\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#organization\",\"name\":\"GitProtect.io\",\"url\":\"https:\/\/gitprotect.io\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png\",\"contentUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png\",\"width\":528,\"height\":528,\"caption\":\"GitProtect.io\"},\"image\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/XoperoSoftware\/\",\"https:\/\/x.com\/GitProtectio\",\"https:\/\/www.linkedin.com\/company\/xopero-software\/\",\"https:\/\/www.youtube.com\/channel\/UCiEnl6n0mIO6w7twccz-l2w\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/50a3a03a01bfdb97e04872546787db53\",\"name\":\"Nina P\u0105czka, PR &amp; Brand Manager at GitProtect\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/nina-paczka-pr-amp-brand-manager-at-gitprotect_avatar.jpeg\",\"contentUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/nina-paczka-pr-amp-brand-manager-at-gitprotect_avatar.jpeg\",\"caption\":\"Nina P\u0105czka, PR &amp; Brand Manager at GitProtect\"},\"description\":\"Nina P\u0105czka is a PR &amp; Brand Manager at GitProtect.io, where she also contributes as a content writer. With a degree in English Philology, she combines language expertise with strategic brand communication to create clear, engaging content tailored to various audiences. Her writing emphasizes logic and storytelling over technical jargon, making complex cybersecurity topics more accessible and compelling. From press releases and thought leadership pieces to blog posts and media commentary, her content bridges the gap between technology and communication.\",\"url\":\"https:\/\/gitprotect.io\/blog\/author\/nina-paczka\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Dev Platform Breaches: How GitHub, Jira &amp; Confluence Exposed Mercedes, Apple, Disney &amp; Others - Blog | GitProtect.io","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/","og_locale":"en_US","og_type":"article","og_title":"Dev Platform Breaches: How GitHub, Jira &amp; Confluence Exposed Mercedes, Apple, Disney &amp; Others - Blog | GitProtect.io","og_description":"Welcome to the DevOps multiverse. Here, code is currency, while platforms like GitHub, Jira, and Confluence power critical infrastructure. Here, even the smallest misstep can trigger a chain reaction measured in gigabytes of leaked data, thousands of compromised credentials, and millions of dollars in financial losses, not to mention reputational damage.","og_url":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/","og_site_name":"Blog | GitProtect.io","article_publisher":"https:\/\/www.facebook.com\/XoperoSoftware\/","article_published_time":"2025-07-22T09:59:49+00:00","article_modified_time":"2025-07-22T09:59:52+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/Raport-okladka-1200x600-1.png","type":"image\/png"}],"author":"Nina P\u0105czka, PR &amp; Brand Manager at GitProtect","twitter_card":"summary_large_image","twitter_creator":"@GitProtectio","twitter_site":"@GitProtectio","twitter_misc":{"Written by":"Nina P\u0105czka, PR &amp; Brand Manager at GitProtect","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#article","isPartOf":{"@id":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/"},"author":{"name":"Nina P\u0105czka, PR &amp; Brand Manager at GitProtect","@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/50a3a03a01bfdb97e04872546787db53"},"headline":"Dev Platform Breaches: How GitHub, Jira &amp; Confluence Exposed Mercedes, Apple, Disney &amp; Others","datePublished":"2025-07-22T09:59:49+00:00","dateModified":"2025-07-22T09:59:52+00:00","mainEntityOfPage":{"@id":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/"},"wordCount":1178,"publisher":{"@id":"https:\/\/gitprotect.io\/blog\/#organization"},"image":{"@id":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#primaryimage"},"thumbnailUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/Raport-okladka-1200x600-1.png","articleSection":["News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/","url":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/","name":"Dev Platform Breaches: How GitHub, Jira &amp; Confluence Exposed Mercedes, Apple, Disney &amp; Others - Blog | GitProtect.io","isPartOf":{"@id":"https:\/\/gitprotect.io\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#primaryimage"},"image":{"@id":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#primaryimage"},"thumbnailUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/Raport-okladka-1200x600-1.png","datePublished":"2025-07-22T09:59:49+00:00","dateModified":"2025-07-22T09:59:52+00:00","breadcrumb":{"@id":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#primaryimage","url":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/Raport-okladka-1200x600-1.png","contentUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/Raport-okladka-1200x600-1.png","width":1200,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/gitprotect.io\/blog\/devops-security-failures-big-names-attacked\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona g\u0142\u00f3wna","item":"https:\/\/gitprotect.io\/blog\/"},{"@type":"ListItem","position":2,"name":"Dev Platform Breaches: How GitHub, Jira &amp; Confluence Exposed Mercedes, Apple, Disney &amp; Others"}]},{"@type":"WebSite","@id":"https:\/\/gitprotect.io\/blog\/#website","url":"https:\/\/gitprotect.io\/blog\/","name":"GitProtect.io Blog","description":"","publisher":{"@id":"https:\/\/gitprotect.io\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/gitprotect.io\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/gitprotect.io\/blog\/#organization","name":"GitProtect.io","url":"https:\/\/gitprotect.io\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png","contentUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png","width":528,"height":528,"caption":"GitProtect.io"},"image":{"@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XoperoSoftware\/","https:\/\/x.com\/GitProtectio","https:\/\/www.linkedin.com\/company\/xopero-software\/","https:\/\/www.youtube.com\/channel\/UCiEnl6n0mIO6w7twccz-l2w"]},{"@type":"Person","@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/50a3a03a01bfdb97e04872546787db53","name":"Nina P\u0105czka, PR &amp; Brand Manager at GitProtect","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/image\/","url":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/nina-paczka-pr-amp-brand-manager-at-gitprotect_avatar.jpeg","contentUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2025\/07\/nina-paczka-pr-amp-brand-manager-at-gitprotect_avatar.jpeg","caption":"Nina P\u0105czka, PR &amp; Brand Manager at GitProtect"},"description":"Nina P\u0105czka is a PR &amp; Brand Manager at GitProtect.io, where she also contributes as a content writer. With a degree in English Philology, she combines language expertise with strategic brand communication to create clear, engaging content tailored to various audiences. Her writing emphasizes logic and storytelling over technical jargon, making complex cybersecurity topics more accessible and compelling. From press releases and thought leadership pieces to blog posts and media commentary, her content bridges the gap between technology and communication.","url":"https:\/\/gitprotect.io\/blog\/author\/nina-paczka\/"}]}},"_links":{"self":[{"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/posts\/7087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/comments?post=7087"}],"version-history":[{"count":5,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/posts\/7087\/revisions"}],"predecessor-version":[{"id":7099,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/posts\/7087\/revisions\/7099"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/media\/6989"}],"wp:attachment":[{"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/media?parent=7087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/categories?post=7087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/tags?post=7087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}