Microsoft's private GitHub account was hacked during a major cybersecurity incident for the company. A hacker known as Shiny Hunters told BleepingComputer that they had gained full access to the Microsoft account, including so-called ``private'' repositories, and had already downloaded 500GB of private projects. Microsoft acquired the open source library in June 2018 for €7,5 billion, giving the IT giant access to the world's largest collection of code, with many developers using it as a repository for projects.
GitHub hack
BleepingComputer noted that timestamps on the leaked files suggested the attack took place on March 28, 2020, but Microsoft has yet to admit to a problem. Shiny Hunters said it no longer has access to the account and now plans to post the data online as it has decided not to sell the information online. The hacker had offered 1 GB of files to sell on a well-known hacker forum, but members of the site had claimed that the data was false. BleepingComputer's analysis deduced that the stolen data was primarily code samples and test projects, as well as containing an e-book and other generic items. However, private cached repositories may contain information about upcoming Microsoft or GitHub projects, with potential source code leaks or new software build information inside. It was not suggested that GitHub user data was compromised or leaked during the breach, but similar attacks have seen this information included in private repositories in the past. TechRadar Pro has contacted Microsoft for comment and will update this story if a response is received. Via: BleepingComputer