Microsoft’s Private GitHub Repos Allegedly Hacked

Tech giant Microsoft is currently in the cybersecurity spotlight after a hacker claimed to have stolen over 500 GB of data from the company’s private GitHub repositories.

According to a report from Bleeping Computer, the hacker, who goes by the name Shiny Hunter, claimed Wednesday evening to have hacked a Microsoft employee’s GitHub account, which provided him “full access” to the tech giant’s private repositories.

“The individual told us that they then downloaded 500GB of private projects and initially planned on selling it, but has now decided to leak it for free,” Bleeping Computer noted.

Based on the file timestamps provided by the hacker, the news outlet believed that the intrusion took place in March, specifically on March 28, 2020.

“As a teaser, the hacker offered 1GB of files on a hacker forum for registered members to use site ‘credits’ to gain access to the leaked data,” the site reported.

However, since some of the leaked files reportedly contain Chinese text or references to latelee.org, other participants on the forum doubted the authenticity of the provided data.

According to Bleeping Computer, the stolen data mostly included “code samples, test projects, an eBook, and other generic items.” Other items look “a bit more interesting,” with names such as ‘wssd cloud agent’, ‘The Rust/WinRT language projection’, and a ‘PowerSweep’ PowerShell project.

ZDNet, on the other hand, revealed that some Microsoft employees have confirmed that “at least a small portion” of the stolen data is legit, with the number of stolen private repos estimated to be around 1,200.

While engineers at the tech company first called the leak a scam, most have since taken back their comments and confirmed the leak’s partial authenticity.

“We say partial authenticity because a large portion of the files and directories listed by the hacker do not appear to be Microsoft-related projects, or are open-source projects that have been public for years and have no affiliation to Microsoft. It is unclear how these GitHub repositories got on the hacker’s list,” ZDNet explained.

Overall, however, Bleeping Computer, along with cyber intelligence firm Under the Breach, suggested that “from what was shared, there does not appear to be anything significant for Microsoft to worry about.”

According to sources, the attacker has since lost access to Microsoft’s private GitHub repositories.
