A group of hackers known as the Shiny Hunters claimed that they hacked Microsoft GitHub private repositories on its developer’s platform, with about 500 GB data stolen containing more than 1200 private repository files.
The stolen data posted on the hacker’s forum shows it did not contain vital or damaging information and were also not able to gain access to any major app or the source code. We also gathered that a small portion of the hacked files was confirmed to be authentic by some Microsoft employees.
This breach happened on the 28th of March according to the file stamps in the complete directory listing of the leaked files but was revealed this week when the hackers threatened to publish parts of the stolen data on the dark web according to BleepingComputers. Their initial intention was to sell the leaked data just as they did with the stolen 91 million users’data from Tokopedia, Indonesia’s biggest e-commerce website having been confirmed as the hackers responsible for the breach.
Shiny Hunters Group offered 1 GB of the leaked data for free to members of a hacker’s forum but only to be accessed with “site’s credit”. Some of the stolen files from the private repositories were largely test projects, sample code, and generic items but with few intriguing names like ‘wssd cloud agent’ and ‘PowerSweep’ PowerShell project files revealed in the exposed data.
Few Microsoft employees who commented on the incident anonymously disclosed that major project of the company is hosted internally and never on Github’s public platform as Microsoft GitHub is used to share and host open-source projects and documentation according to company’s internal policy. GitHub platform is also used for hosting private projects intended to be made available under an open-source license in the future.
As at the time of filing this report, it has been confirmed that Microsoft’s engineers have been able to locate the source of vulnerability and has been resolved, taking away the hacker’s access to the private repositories platform and restoring normalcy.