Microsoft’s private GitHub account hacked, 500GB of Data Breached
The American Multinational Technology company Microsoft suffers a Data breach. The Hacker claims that he stole 500GB of Data from Microsoft’s Private GitHub repositories. He claims the Data consists of Microsoft’s private projects.
Shiny Hunters (Hacker) contacted BleepingComputer and said: “He hacked into the Microsoft GitHub account, gaining full access to the software giant’s ‘Private’ repositories.”
The individual also told that ” after gaining the access into account I have downloaded 500GB of private projects and initially planned on selling it”, but now decided to leak it for free
He also shared a Screenshot of the data he downloaded, Looking at the SS it shows that the breach must have taken place on 28th of March 2020
Later he said in a statement to Bleeping Computer that he no longer has the access to the Microsoft’s GitHub account.
Cyber intelligence firm Under the Breach, said in a tweet: HUGE: The person behind the recent Tokopedia hack claiming he has 500GB (uncompressed) worth of private Microsoft source code, containing mostly Azure Source code, as well as Office and some windows runtime files / APIs. Appears to be stolen from private Github repositories.
HUGE: The person behind the recent Tokopedia hack claiming he has 500GB (uncompressed) worth of private Microsoft source code, containing mostly Azure Source code, as well as Office and some windows runtime files / APIs.
Appears to be stolen from private Github repositories. pic.twitter.com/wKUOi0nDkk
— Under the Breach (@underthebreach) May 6, 2020
Under the breach retweeted that “After some research and because the actor dumped the entire dirlist of the private repositories, it appears this is real. I doubt there is anything too private in these repositories but companies do sometimes leave keys/passwords on Github by mistake.
The hacker offered 1GB of files on a hacker forum for registered members to use site ‘credits’ to gain access to the leaked data. As some of the leaked files contain Chinese text or references to latelee.org or Chinese text, other threat actors on the forum do not feel that the data is real.
In a directory listing and samples of other private repositories sent to BleepingComputer, the stolen data appears to be mostly code samples, test projects, an eBook, and other generic items.
Some private repositories look a bit more interesting such as ones named some ‘wssd cloud agent’, a The Rust/WinRT language projection’, and a ‘PowerSweep’ PowerShell project. Overall, from what was shared, there does not appear to be anything significant for Microsoft to worry about, such as Windows or Office source code.
Microsoft employee Sam Smith replied to Under the Breach’s tweet stating that he thought the leak was fake as “Msft has a “rule” that GitHub repos must be public within 30 days.”
[Source: Bleeping Computer]