For those unfamiliar with GitHub, which Microsoft bought in 2018 for $7.5 billion, it is a software development management platform used by millions of developers and companies around the world. GitHub hosts projects stored in private repositories that are updated regularly. In the last few hours, several users have reported being victims of a ransom demand. Unidentified hackers managed to break into close to 400 accounts and emptied their contents.
Hacking of GitHub Repositories: Hackers Demand Ransom in Bitcoin
GitHub is not the only platform affected by this attack, which also hit two of its competitors: Bitbucket and GitLab. The observation is the same everywhere: the hackers removed the source code and commits (updates) from their victims' Git repositories. A message left in each account invites the target to pay a ransom of 0.1 Bitcoin (about 500 dollars) to the hackers' address within a maximum of 10 days. They claim to have transferred all the data to their own servers.
"To recover your lost code and avoid leaks, send 0.1 Bitcoin (BTC) to Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by email at admin@gitsbackup.com with your Git ID and proof of payment. If you are not convinced that we have your data, contact us and we will send you proof. Your code has been transferred to our servers. If we do not receive your payment in the next 10 days, we will return your code or otherwise use it."
How the hackers were able to break into several hundred accounts at once is not yet formally known. GitLab says that after studying some cases, it found that some victims stored passwords in plain text files. A developer also acknowledged that he was using a weak password, which could have made a brute-force attack easier.
GitHub and Bitbucket, for their part, are continuing their investigations. Experts on the StackExchange forum explained that there is a chance the victims can recover the deleted source code. But this is not the real problem, since the victims certainly have copies of their projects.
The main threat is that the source code would be disclosed and made publicly available. No publisher of software, mobile applications or web applications would want its work to be accessible on the web, because of the obvious risks of reuse and copyright infringement.