Microsoft's GitHub account hacked

 

 

 

Microsoft's GitHub account hacked, private repositories stolen

 

 

A hacker claims to have stolen over 500GB of data from Microsoft's private GitHub repositories,

BleepingComputer has learned.

This evening, a hacker going by the name Shiny Hunters contracted BleepingComputer to tell us

they had hacked into the Microsoft's GitHub account, gaining full access to the software giant's

'Private' repositories.

 

 

This individual told us that they then downloaded 500GB of private projects and initially planned

on selling it, but has now decided to leak it for free. Based on the file stamps in full directory listing

of the leaked files, but breach may have occured on March 28th, 2020. Shiny Hunters told BleepingComputer

that they no longer have access to Microsofts GitHub account.

 

 

 

 

 

 

Private repositories leaked

 

 

As a teaser, the hacker offered 1GB of files on a hacker forum for registered members to use site

'credits' to gain access to the leaked data. As some of the leaker files contain Chinese text ot references

to latelee.org other threat actors on the forum do not feel that the data is real. 

 

Based on the full directory listing of the stolen data and source code from private repositories that was

sent to BleepingComputer by the hacker, the stolen files aappear to be mostly code samples, test projects,

an eBook, and other generic items.

 

 

Some private repositories look a bit more interesting such as ones names some 'wssd cloud agent'.

a The Rust/WinRT language projection', and  a 'PowerSweep' PowerShell project.

Overall, from what was shared, there does not appeat to be anything significant for Microsoft to 

worry about, as it did not contain more sensitive cide for software like Windows or Office.

 

Cyber interlligence firm Under the Breach, who also saw theh leak on the hacker forum,

sheres BleepingComputer's opinion that there is not much to worry about.

They did express consern that private API keys or passwords could have accidentally been left

behind in some of the private repositories like other developers have done in the past.

 

Since publishing this story, a Microsoft employee who wished to remain anonymous has told

BleepingComputer that the stolen data is legitimate.

Other employees who had previously denounced the leak as fake, have since deleted thier tweets.

Microsoft has told BleepingComputer that they are "aware of these claims and are investigating."

 

 

 

 

Update 5/ 8 /20

 

 

 

 

 

출처

https://www.bleepingcomputer.com/news/security/microsofts-github-account-hacked-private-repositories-stolen/