According to a report, Microsoft’s private GitHub repositories were the target of a massive data theft. In this attack, a hacker is believed to have gained unrestricted access to the company’s private GitHub repositories and stolen more than 500GB of data.
Microsoft’s private GitHub repositories hacked
Of late, data breaches have become a major concern among the enterprise community, especially since confidential project data is sold on the black market in large numbers.
A hacker named Shiny Hunters initially planned on putting confidential projects stolen from the software giant’s private GitHub repositories on sale. Instead, the hacker later decided to leak all the data for free, BleepingComputer reports.
The actual data theft may have occurred towards the end of March (specifically on March 28th, 2020), and the hacker does not have access to the account anymore.
At first, the hacker made 1GB of files freely available on a hacker forum, where registered users could obtain the data using the site’s ‘credits.’
However, the authenticity of the leaked data is subject to debate on the forum website, since most of the data consists of Chinese text or references to latelee.org. Other hackers on the forum feel that the data is not real.
Further investigation into a directory listing and samples of other private repositories reveals that the stolen data may be nothing more than code samples, test projects, an eBook, and other generic items.
The report concludes Microsoft has nothing to worry about since the leaked data doesn’t seem to compromise anything valuable like Windows or Office source code.
The report raises concerns around the security of private GitHub repositories. In the meantime, concerns are also being raised about private API keys or passwords that could have accidentally been left behind in some of the private repositories.
Responding to a tweet, Microsoft employee Sam Smith said he thought the leak was bogus since “Msft has a “rule” that GitHub repos must be public within 30 days.”
Meanwhile, Microsoft has not issued a statement.
Recently, GitHub announced that some of its core features are now accessible free for everyone, including those who are currently on free accounts.