GitHub, the world’s largest open source sharing platform, has been ransomed

GitHub is the largest online code sharing and storage platform in the world for developers and developers worldwide. However, on May 4, an attack on this repository has caused hundreds of developers to lose their archives of code and commits.

Not only that, the hacker left a ransom message for the victims:

” To restore your code repository and avoid leaking it: Send us 0.1 Bitcoin (BTC – approximately 566 USD) to Bitcoin wallet: ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us via email admin @ gitsbackup. com with your Git login account and proof of Payment (Proof of Payment). If you are not sure we have your data, contact us and we will send you proof. Your code store has been downloaded and backed up on our service. If we don’t receive payment in the next 10 days, we will publicize your code repository or use them for other purposes . ”

Not only is GitHub affected, this hacker attack also targets online code storage services similar to Bitbucket and GitLab.

While Microsoft, which owns GitHub has not yet commented, a study on GitHub said that at least 392 GitHub accounts have been ransomed. According to estimates by Jeremy Galloway, a security researcher at Atlassian, the company that owns Bitbucket, the number of victims on the service is much larger, at least more than 1,000 accounts are affected.

While some of the victims of the attack admitted that they used weak passwords for their GitHub, GitLab and Bitbucket accounts, as well as forgot to delete login tokens on older applications. not used for months – these are all common ways that online accounts are compromised.

However, all the evidence suggests that hackers have scanned the entire internet to search for config files,

GitLab’s security manager, Kathy Wang, told PC Mag: ” We have solid evidence that compromised accounts have passwords stored in plaintext format (non-encrypted text) on the repository. related. We encourage the use of password management tools to store passwords more securely . ”

Unfortunately for hackers, while the attack took place over a day, however, as of 3:00 am on May 4, Vietnam time, Bitcoin wallet at the above address only received a payment by Bitcoin. worth $ 2.99.

Luckier has come to developers when members of the security forum StackExchange Security have discovered that hackers don’t actually delete the victim’s code, but only change the header of the commit, which means are commits that can be restored.

On Twitter, a series of celebrities in the developer community called on victims to contact support groups of GitHub, GitLab and Bitbucket before paying any ransom to hackers, due to can recover the hacked accounts.

Refer to ZDNet, PCMag

Hacker only takes a few minutes to find the first key in the competition with a $ 1 million Bitcoin prize