Many industry media outlets reported this week that an unknown attacker gained access to a Microsoft employee's GitHub account and downloaded the contents of a number of the company's private repositories. In particular, Bleeping Computer writes that the attacker goes by the pseudonym Shiny Hunters; he contacted the publication himself and provided reporters with evidence of the hack.
The hacker claims to have stolen 500 GB of data from the software giant's repositories in total. He initially intended to sell it, but then changed his mind and decided to leak the information online for free. Judging by the contents of the dump, the breach occurred on March 28, 2020.
As a "sample", the hacker invited everyone to examine a 1 GB dump, which he posted on an unnamed hacker forum. Bleeping Computer notes that some of the published files contain Chinese text as well as links to latelee.org, which is why many initially doubted the authenticity of the posted material.
Having studied the directory listing of the stolen data, as well as the source code from the private repositories, Bleeping Computer's researchers concluded that the hacker mainly obtained code samples, test projects, e-books and other unimportant data. Analysts at the security companies Nightlion Security and Under the Breach also studied the leak and agree with the journalists' assessment: Microsoft has nothing serious to worry about, and it is pointless to look among the leaked files for the sources of products such as Windows and Office.
At the same time, the leak appears to be genuine. Some Microsoft engineers initially wrote on social networks and told the media that the leak was a fake, but they have since deleted their posts and retracted their statements. Moreover, both Bleeping Computer and ZDNet report that several Microsoft employees who wished to remain anonymous confirmed that at least some of the stolen files are genuine, but that the hacker did not gain access to the source code of any major Microsoft projects.
Microsoft employees explained that the source code for such projects is hosted exclusively on the corporation's internal resources, not on public GitHub. The company's internal policy requires that the Microsoft GitHub account be used only for hosting and sharing open source projects and documentation. The account may also host private projects that are intended to become open source in the future.
According to ZDNet, the hacker managed to get into 1,200 private repositories. At the same time, the publication writes that most of the stolen files and directories had nothing to do with Microsoft (among them are even well-known open source projects that have been public for many years). It is not yet clear how these repositories ended up in the attacker's haul at all.
The only real problem, apparently, is that some of the compromised projects may contain access tokens and API credentials, which should now be revoked and replaced.
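Revoking credentials presupposes finding them first. Below is a small scanner of the kind a defender would run over a dumped or exposed repository to list the secrets that need rotating. It is an added example written for this article, not code from Microsoft, GitHub, Bleeping Computer or ZDNet; the token patterns are a deliberately small, illustrative ruleset (a real deployment would use a maintained one), and the sample config file is constructed for the demonstration.

```python
import math
import re

# Illustrative detection rules (assumption: a minimal ruleset for the demo).
# The first two match well-known fixed-prefix formats; the third catches
# generic "name = value" assignments and is filtered by entropy below so
# that obvious placeholders are not reported.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9_\-/+=]{16,})"
    ),
}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; low values indicate placeholders like 'deadbeef'."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def redact(secret: str) -> str:
    """Keep only the ends so a report can be shared without re-leaking the value."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "..." + secret[-4:]


def scan_text(text: str, source: str = "<memory>", min_entropy: float = 3.0) -> list:
    """Return one finding per credential-looking value in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                # Fixed-format rules have no groups (use the whole match);
                # the generic rule captures the value in its last group.
                value = m.group(m.lastindex or 0)
                if kind == "generic_assignment" and shannon_entropy(value) < min_entropy:
                    continue  # low-entropy value: almost certainly a placeholder
                findings.append({
                    "source": source,
                    "line": lineno,
                    "kind": kind,
                    "redacted": redact(value),
                    "entropy": round(shannon_entropy(value), 2),
                })
    return findings


# Constructed sample of a config file that might sit in a private repository.
# Every value here is made up for the demonstration.
SAMPLE_CONFIG = """\
# constructed sample: settings.ini committed by mistake
aws_region = us-east-1
aws_access_key_id = AKIAEXAMPLEKEY000000
GITHUB_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8
api_key = "deadbeefdeadbeefdeadbeef"
password = "hunter2"
secret = "q7Zp9xLm2Vb4Nc8Rt1Wy5Ku0"
"""


if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG, source="settings.ini"):
        print(f"{f['source']}:{f['line']} {f['kind']} {f['redacted']} (H={f['entropy']})")
```

Run as-is, it reports the AWS key on line 3, the GitHub token on line 4 and the high-entropy `secret` on line 7, while skipping the repeated `deadbeef` placeholder and the short `hunter2` value. In practice you would walk every file in the dump (including git history, since a secret removed in a later commit is still in the pack files), feed each file to `scan_text`, and treat every finding as a credential to revoke rather than something to judge by eye.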
Citing their own sources, ZDNet reporters say that the hacker behind this incident is the same person who recently hacked Tokopedia, the largest online store in Indonesia.
Microsoft has not yet given an official comment on the incident. The company has only said that it is already investigating what happened.