In October 2018, Microsoft acquired GitHub, the famous software version control system used by developers around the globe. Although the acquisition initially raised questions as to how GitHub would be affected, these concerns were later put to rest by Microsoft’s well-executed strategy.
Now, we have discovered that a hacker going by the online handle Shiny Hunters is claiming to have hacked Microsoft’s own GitHub account, allegedly giving the hacker access to the company’s private repositories.
It is worth noting that Shiny Hunters is the same hacker who, a few days ago, hacked Indonesia’s largest e-commerce platform Tokopedia and sold it on a dark web market for $5,000.
As evidence that they had really gained access, the attacker provided a screenshot. This access led them to download approximately 500GB of data, which they at first planned to sell but later decided to give away for free, Robin-Hood style.
Although the exact date of the breach is not known, the dates displayed in the obtained listings of the leaked data indicate that it most probably occurred on 28 March 2020, as shown in the photo below.
As for the type of data exposed, it has been reported that the attacker even posted 1 GB of the data on one hacker forum, allowing users to access it through the site’s built-in credits. A few files in this data featured Chinese text and other similar references, which made many believe that the data was not from Microsoft as claimed.
However, according to samples of the private repositories and the directory listings seen, there does not appear to be anything confidential which may pose problems for Microsoft. The majority of them come across as code samples, test projects, eBooks, and similar items.
On the other hand, some names of the listings appeared to be more intriguing:
- wssd cloud agent
- The Rust/WinRT language projection
- PowerSweep – An instance of a PowerShell project.
After some research and because the actor dumped the entire dirlist of the private repositories, it appears this is real.
I doubt there is anything too private in these repositories but companies do sometimes leave keys/passwords on GitHub by mistake. pic.twitter.com/4L8s18hQA0
— Under the Breach 🦠 (@underthebreach) May 6, 2020
Data breach monitoring firm Under the Breach also expressed their views on Twitter about the nature of the exposed data, saying that it was highly likely that it was real. However, we haven’t yet received a statement from Microsoft themselves, which will eventually let us know the simple hard truth.
While for some companies GitHub serves as a tool to store valuable source code in the form of private repositories, companies as large as Microsoft aren’t likely to do the same as they are self-sufficient and have secured internal systems designed to hold sensitive source code, Under the Breach told HackRead.com.
That being said, companies often do make mistakes such as leaving keys and passwords in these private repositories, forgetting they aren’t very safe, but Under the Breach contacted Microsoft to make sure they’re aware of the leak and will replace any keys or passwords exposed if there are any, the company explained.
As of now, the hacker has stated that they no longer have access to Microsoft’s account which leaves the company ample time to investigate and inform their users of the consequences that it may entail. Hackread.com has contacted Microsoft and this article will be updated based on their response.