TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Hacker steals more than 500GB data from Microsoft’s private GitHub repositories

According to a report, Microsoft’s private GitHub repositories became subject to massive data theft. In this attack, a hacker believed to have gained unrestricted access to the company’s private GitHub repositories and stolen more than 500GB of data.

GitHub

Microsoft’s private GitHub repositories hacked

Of late, a data breach has become a major concern among the enterprise community, especially since confidential project data is sold on the black market in large numbers.

A hacker named Shiny Hunters initially planned on putting confidential projects stolen from the software giant’s private GitHub repositories on sale. But then instead of putting it on sale, the hacker later decided to leak all the data for free, BleepingComputer reports.

Although the actual data theft may have occurred towards the end of march (specifically on March 28th, 2020), the hacker does not have access to the account anymore.

At first, the hacker made 1GB of files available free to access on a hacker forum where registered users could avail the data by utilizing the site ‘credits.’

However, the authenticity of the leaked data is subject to debate on the forum website since most of the data consists of Chinese text or references to latelee.org or Chinese text. Other hackers on the forum feel that the data is not real.

Further investigation into a directory listing and samples of other private repositories reveals that the stolen data may be nothing more than code samples, test projects, an eBook, and other generic items.

The report concludes Microsoft has nothing to worry about since the leaked data doesn’t seem to compromise anything valuable like Windows or Office source code.

The report raises concerns around the security of Private GitHub repositories. In the meantime, concerns are also being raised on private API keys or passwords that could have accidentally been left behind in some of the private repositories.

Responding to a tweet, Microsoft employee Sam Smith said he thought the leak was bogus since “Msft has a “rule” that GitHub repos must be public within 30 days.”

Meanwhile, Microsoft has not issued a statement.

Recently, GitHub announced that some of its core features are now accessible free for everyone, including those who are currently on free accounts.

Published on Tags:

TanmayPatange@TWCN

Tanmay loves writing about Technology, Internet, Apps, Social Media, and Cybersecurity. He also tracks OTT video content streaming space and likes to spend his weekends watching plays. You can contact him on Twitter @techtsp.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap