Dev Platform Breaches: How GitHub, Jira & Confluence Exposed Mercedes, Apple, Disney & Others

Welcome to the DevOps multiverse. Here, code is currency, while platforms like GitHub, Jira, and Confluence power critical infrastructure. Here, even the smallest misstep can trigger a chain reaction measured in gigabytes of leaked data, thousands of compromised credentials, and millions of dollars in financial losses, not to mention reputational damage.

These risks aren’t theoretical. Breaches at household-name enterprises expose a harsh truth: DevOps pipelines have become the new battleground for cyberattacks. What connects Mercedes-Benz, Apple, Cisco, and The New York Times? All became victims of DevOps security failures, proving that even tech giants aren’t immune when code meets cybersecurity complacency.

Continue reading for a detailed analysis of these breaches, or check the complete CISO’s Guide to DevOps Threats. 

Global Cybersecurity Landscape at a Glance

Globally, cyber attacks occur with alarming frequency – roughly one every 39 seconds – amounting to over 2,000 incidents each day. This relentless pace fuels a massive economic toll: cybercrime is projected to cost the global economy $10.5 trillion annually by 2025, climbing to $15.63 trillion by 2029, according to Cybersecurity Ventures. The United States alone accounts for 59% of ransomware attacks, and 70% of data breaches cause significant operational disruptions. The ripple effect doesn’t stop at the breached company — it also hits business partners, clients, and entire supply chains, amplifying the overall impact of the attack.

The notion of complete immunity has always been a myth. Even the biggest organizations remain vulnerable.

Mercedes: 270GB of proprietary code exposed via leaked GitHub token

Due to a mishandled GitHub token, Mercedes-Benz’s source code was exposed to the public. A Mercedes-Benz employee leaked a GitHub token in their repository, granting unrestricted access to all source code on the company’s GitHub Enterprise server. During the exposure, attackers could have accessed critical information, including API keys, design documents, database credentials, and other sensitive data, which could have potentially caused financial, legal, and reputational damage. 

New York Times: 270GB internal data leaked, including Wordle source code

270GB of internal data belonging to The New York Times was exposed, including alleged source code for Wordle, internal communications, and sensitive authentication credentials linked to over 5,000 GitHub repositories. The New York Times confirmed that the incident involved the inadvertent exposure of credentials to a third-party code platform. However, the organization stated that no unauthorized access to its internal systems had been detected and that operations remained unaffected.

Schneider Electric: 400K rows of user data stolen, $125K ransom demanded

Schneider Electric confirmed a breach involving its internal project tracking platform, hosted in an isolated environment. The threat actor, known as “Grep,” claims to have accessed the company’s Jira server using exposed credentials and stolen 40GB of data, including 400K rows of user information, 75K unique email addresses, and other critical project data. The stolen information reportedly includes details about projects, issues, and plugins, and the attackers have demanded $125,000 to prevent a data leak.

Cisco: GitHub breach leaked source code, AWS keys, and Jira tickets

Cisco confirmed that some files were stolen after hacker IntelBroker claimed access to source code, credentials, and other sensitive data via GitHub and a SonarQube project. While no internal systems were breached, the attacker exploited a public-facing DevHub used for customer resources. Cisco reported that only a limited number of files were exposed, with no sensitive personal or financial data found. 

The untold impact of DevOps data leaks

While DevOps breaches at companies such as Mercedes-Benz, Apple, The New York Times, and Cisco often make headlines, the true cost of these incidents is rarely disclosed. 

At first glance, the impact may appear limited to brief negative press or a dent in reputation. But beneath the surface, the real price tag can be far more significant, ranging from:

• costly data recovery and environmental restoration,

• loss of competitive edge due to exposed code or strategic plans, disruptions to business continuity,

• to potential regulatory penalties.

The bottom line? Most organizations downplay the full scope of these incidents in public statements. Yet the sheer scale of the leaks—hundreds of gigabytes of data, millions of records, and sensitive internal repositories—reveals a much deeper, and likely more damaging, reality.

📚 Continue reading to dive deeper into these incidents and uncover emerging trends in cyberattacks targeting DevOps environments: Dev platform breaches: how GitHub, Jira & Confluence exposed Mercedes, Apple, Disney & others.