The exposed files contained source code for projects like Samsung’s SmartThings platform and Bixby services. They also contained credentials that provided access to the Amazon Web Service account that was being used, as well as several employees’ GitLab tokens, which provided further access.

A Samsung spokesperson told TechCrunch that the company “quickly revoked” all keys and certificates for the platform, reportedly used for testing. But Hussein said he alerted Samsung on April 10, and the company didn’t revoke the GitLab keys until April 30. “The real threat lies in the possibility of someone acquiring this level of access to the application source code, and injecting it with malicious code without the company knowing,” he told TechCrunch.

To Samsung’s knowledge, the exposed files weren’t tampered with. But for any company, especially one of this scale, a leak like this could be disastrous. It should also be preventable.