A massive security failure at pharmaceutical giant Novo Nordisk has resulted in the leak of 264 GB of sensitive data, including the exact formula for Ozempic. The breach reportedly originated from a compromised GitHub token in March, which allowed an attacker to clone private repositories and remain undetected for two months. In total, the hacker claims to have exfiltrated roughly 1.3 TB of data, exposing internal source code, clinical test records, and proprietary information regarding other high-profile medications.
The hacker highlighted embarrassing security lapses during the intrusion, claiming that critical systems were protected by remarkably weak credentials like "novo123". Beyond corporate intellectual property, the leaked files contain personal data belonging to employees, medical professionals, and patients. This incident underscores the extreme risk of credential leaks in developer environments and the devastating impact of insufficient password policies in high-stakes industries like healthcare.
