Well, hackers have struck again, and this time they have hit the heart of development: the code repositories at GitHub. For a couple of days now, a hacker has been breaking into GitHub accounts, wiping code repositories, and then demanding a ransom in bitcoin from their owners. While there are still no signs of who the hacker is, the incident definitely raises questions about Microsoft’s connection to it and about its ability to manage the code repository business it acquired last year.
The Microsoft Connection that is raising questions
Hackers are considered to be the smartest kids in the room, and as the world evolves with technology, hackers too have become smarter. But breaching the security of a tech giant still takes some effort. Here comes a hacker who has just challenged the supremacy of Microsoft and has been asking for bitcoin as ransom.
Reportedly, GitHub has been hit by hackers who are hijacking private code repositories and deleting them in order to blackmail their owners for ransom. According to ZDNet, the attack has hit at least 392 different GitHub repositories and defaced them with a ransom note asking for 0.1 BTC (around $570) and an email proving the payment has been made.
Affected users have posted a note from the hacker that reads:
“To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at [email protected] with your Git login and a Proof of Payment.”
And it’s not just GitHub. Developers on several Git services have reported break-ins in which their repositories were removed and replaced with a demand for bitcoin. While many believe it is unjust to call Microsoft weak because of these attacks, it is Microsoft’s silence that is creating doubts. Microsoft has been silent on the entire matter. Microsoft bought GitHub last year for US$7.5 billion.
Bitbucket and GitLab say that their security is not to blame for the attacks. Bitbucket notes the hacker gained access to the user accounts by submitting the proper usernames and passwords. So far,
“We believe that these credentials may have been leaked through another service, as other git hosting services are experiencing a similar attack. We have not detected any other compromise of Bitbucket,” notes a Bitbucket representative.
Kathy Wang, the security director for GitLab, added:
“We have strong evidence that the compromised accounts have account passwords being stored in plaintext on deployment of a related repository. We strongly encourage the use of password management tools to store passwords in a more secure manner,”
This hack has also been linked to the crypto-stealing email hack that Microsoft downplayed. On April 13th, Microsoft confirmed that its web email services (Outlook, MSN, and Hotmail) were compromised by a security breach. The software giant initially reported that the hack, which occurred between January 1st and March 28th, only affected folder names, email subject lines, the victims’ email addresses, and the email addresses of those the victims corresponded with.
A few months later, it was realized that the content of emails had been stolen, allowing the hackers to access cryptocurrency accounts and empty them.
While it is difficult to assess why Microsoft is silent on this attack, the silence is definitely not going down well with users. The longer Microsoft stays silent, the stronger the belief becomes that Microsoft’s weakness, and not the hackers’ smartness, is the culprit in this attack.
Will Microsoft come clean on these attacks and clarify its stance? Do let us know your views on the same.