Microsoft's private GitHub account has been hacked in a major cybersecurity incident for the company.
A hacker known as Shiny Hunters told BleepingComputer they had gained full access into Microsoft's account, including supposedly 'Private' repositories, and had already downloaded 500GB of private projects.
Microsoft acquired the open-source library in June 2018 for $7.5 billion, giving the computing giant access to the world’s largest collection of code, with many developers using it as a repository for projects.
- GitHub launches Codespaces for in-browser coding
- All GitHub features are now free for everyone
- GitHub launches Android and iOS apps
BleepingComputer noted that the timestamps on the leaked files suggest the attack occured on March 28 2020, but Microsoft has yet to admit to any issues.
Shiny Hunters said he no longer has access to the account, and now plans to leak the data online, having decided not to sell the information online.
The hacker had offered 1GB of files for sale on a well-known hacker forum, but members of the site had claimed the data was fake.
BleepingComputer's analysis deduced that the stolen data was mainly code samples and test projects, as well as containing an eBook and other generic items. However the private repositories within the cache could contain information pertaining to upcoming Microsoft or GitHub projects, with potential source code leaks or new software build information inside.
There was no suggestion of any GitHub user data having been compromised or leaked during the breach, but similar past attacks have seen such information included in private repositories in the past.
TechRadar Pro has contacted Microsoft for comment, and will update this story if a reply is sent.
- These are the best laptops for developers around today
Via: BleepingComputer (opens in new tab)